An extension can steal personal data and manipulate pages with Manifest V3 APIs just like before, it does not become any harder for extensions to compromise browsers. There may be an argument that it becomes a bit less performant to execute the JS required to thoroughly compromise a browser, but I don't think such malware cares about microsecond performance losses.
Ad blockers will no longer be able to have granular and complete control over requests. Extensions will still be able to observe requests, but not edit them on the fly based on advanced and dynamic criteria.
Extensions will no longer be able to neutralize all current and future evasion techniques the advertising and tracking industry implements. Ad blocking and tracking protection extensions will be forced to degrade technologically by about 5 years, and then stagnate.
Well, then it means they don't need to monitor their extension store for extensions doing bad things, I suppose it's part of the story.