Remotely hosted code : Firefox already does not allow remote code as a policy. Manifest v3 includes a proposal for additional technical enforcement measures, which we are currently evaluating and intend to also enforce.
Please do not do this. At best, users should have the ability to vet and approve remote scripts individually or at an extension-level, not to have them blocked outright. There are legitimate cases for needing remote scripts, and introducing this change will break Greasemonkey, Tampermonkey, and Violentmonkey, all of which rely on loading code from outside of the extension.
Users shouldn’t have to be forced to create and publish entire extensions to load custom scripts. Users most definitely shouldn’t be charged money for this either.
I would also argue that custom scripts are much safer than any extension as the user sees the entirety of the code being executed.