I for one am OK with Firefox's mandatory code signing. In fact I prefer it over Chrome's. At least with Firefox you can then publish the extension using your own servers, whereas with Chrome you must use their store, even though it will be hidden from the general public.
Thus, I don't really understand your statement:
> those with private extensions must resort to compiling their own browser
I certainly would never recommend such a thing, myself. If I were paranoid about 3rd party access to my extension to the point I felt I needed to compile my own browser, then one thing I'd certainly do is also disable addons and build mine right into the core product...
I'd certainly trust Mozilla far more than I can trust every addon out there that might coexist with my private addon, which is where most of the attack surface would come from (if such were my threat model).
Chrome allows installing unsigned extensions by enabling developer mode in chrome://extensions. On browser startup you'll see a warning [1] that encourages you to disable unsigned extensions, but users are offered a choice.
I do trust Mozilla, though I'd prefer if they'd also trust me to be capable of making an informed decision and give me a choice while using their product.
It's not an optimal choice, because Firefox Developer Edition is not based on the latest stable release of Firefox, and because users shouldn't be forced to switch to browsers with an alternative focus just to enjoy Firefox with a local extension.
Permanently installing unpacked or unsigned extensions is a feature that all major browsers offer for their users, except Firefox.
> I certainly would never recommend such a thing, myself. If I were paranoid about 3rd party access to my extension to the point I felt I needed to compile my own browser
That's exactly the point, you shouldn't need to compile your own browser to use a private extension!