The developer now actually told me that you signed (hence officially allowed) his unofficial “support” addons despite that fact that they dynamically load code from remote websites. And he is correct, the addons have a valid signature, otherwise it wouldn’t be allowed to install the addon.
So what is this whole signature-system worth if you basically sign everything, even a blank check, where the developer can remotely inject everything into the addon?
Didn’t you learn anything?
YouTube Unblocker, WoT, ProxTube? Every once in a while, a malicious addon appears and then everyone is shocked. How could this happen? Why didn’t anyone warn us about this?
I think this is a huge design issue. How can you even decide that the addon is sane if the addon is just a wrapper for the content that’s stored somewhere else?