> Extension review times have gone from 1 hour to a variable amount of time ranging from 1 minute to 3 weeks or longer (try to plan a release or spot fix an issue when you have no idea how long it will take for a deploy to reach users)
This is potentially a huge security issue, because the natural way to "fix" the problem is to download and run arbitrary code as an end-run around the review process.
They have some automated review mechanisms to try and stop you from downloading and running arbitrary code, but it's definitely possible to do it.
In my case I settled for having a remote configuration file that I could use to disable features in an emergency (and had to use it a couple times), as a compromise since I didn't want to pull down arbitrary code but was tired of getting burned by it taking a week to push a bug fix.
This is potentially a huge security issue, because the natural way to "fix" the problem is to download and run arbitrary code as an end-run around the review process.