Among other things, this is why when people say "HN doesn't need a dark mode, just use an extension", that isn't a valid solution. For years now I've refused to install any extensions that aren't too-big-to-compromise (which in practice - for me - means AdBlock Plus and maybe React Dev Tools), and that should be everyone's policy. Any extension whose compromise wouldn't damage the reputation of a billion-dollar organization is simply too juicy of an attack vector.
But is it better known? That's the determining factor here. The Great Suspender was well-regarded in certain circles, and even fairly well-known (I've never used it but I've heard of it). But even it apparently wasn't above compromise. To be reasonably safe, an extension has to either be a) so well-known that they'd never be able to get away with silently adding malware (because someone would notice, which to be fair is what happened here), or b) tied to a major brand that wouldn't want to sell out to some shady firm, on PR grounds alone.
I see the distinction you are making, but there are many people (here especially) whose definition of "compromised" is not limited to malware (or whose definition of "malware" is not limited to what is happening with TGS).
I agree that extension security isn't considered nearly as often as it should be, though my barrier isn't quite yours. For me, it comes down to developer trust and permissions. If someone I trust wrote a small, feature-targeted extension, I would probably be comfortable installing it. Similarly, if the permissions an extension has are tightly scoped to its use case, I'm more comfortable installing it.
Now that I write that, I'm not sure how permissions and upgrades go together. If an extension that had tight permissions relaxes them I'd get notified before they took effect, right?
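A concrete way to check the two things the last comment cares about, how tightly an extension's permissions are scoped and whether an update quietly widened them, is to audit the extension's manifest directly. The following is an added example, not code from anyone in this thread: `audit_manifest` flags permissions and host patterns that reach across all sites, and `permission_diff` lists what a new manifest version requests that the previous one did not. The `BROAD_PERMISSIONS` table reflects this example's own judgement of which permissions deserve scrutiny, and both manifests are constructed samples rather than any real extension.

```python
"""Audit a browser-extension manifest for broad permissions and detect
permission growth between two versions (e.g. before and after an update).

Added example, not code from the thread. The risk labels below are this
example's own assumptions about which permissions deserve a closer look;
the manifest contents are constructed samples, not any real extension."""
import json

# Permissions that give an extension broad reach over browsing data.
# Treating these as "broad" is an assumption of this example.
BROAD_PERMISSIONS = {
    "<all_urls>": "can read and change data on every site",
    "tabs": "can see URLs and titles of all open tabs",
    "webRequest": "can observe network requests",
    "webRequestBlocking": "can modify or block network requests",
    "cookies": "can read and set cookies",
    "history": "can read browsing history",
    "nativeMessaging": "can talk to native programs on the host",
    "scripting": "can inject scripts into pages",
}


def _all_permissions(manifest):
    """Collect permissions, optional permissions and host patterns (MV2 and MV3 keys)."""
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(manifest.get(key, []))
    return perms


def _is_broad_host(pattern):
    """A host pattern that matches every host on any scheme is broad."""
    return pattern == "<all_urls>" or pattern.startswith(("*://*/", "http://*/", "https://*/"))


def audit_manifest(manifest):
    """Return a sorted list of warnings for permissions that are not tightly scoped."""
    warnings = []
    for perm in sorted(_all_permissions(manifest)):
        if perm in BROAD_PERMISSIONS:
            warnings.append(f"{perm}: {BROAD_PERMISSIONS[perm]}")
        elif _is_broad_host(perm):
            warnings.append(f"{perm}: host pattern matches every site")
    return warnings


def permission_diff(old_manifest, new_manifest):
    """Permissions present in the new version but absent from the old one,
    i.e. what an update relaxed."""
    return sorted(_all_permissions(new_manifest) - _all_permissions(old_manifest))


# Constructed sample: a single-site dark-mode extension with tightly scoped permissions.
TIGHT = json.loads("""{
  "manifest_version": 3,
  "name": "Example dark mode (constructed sample)",
  "version": "1.0",
  "permissions": ["storage"],
  "host_permissions": ["https://news.ycombinator.com/*"]
}""")

# Constructed sample: the same extension after an update that widened its reach.
RELAXED = json.loads("""{
  "manifest_version": 3,
  "name": "Example dark mode (constructed sample)",
  "version": "1.1",
  "permissions": ["storage", "tabs", "scripting"],
  "host_permissions": ["<all_urls>"]
}""")

if __name__ == "__main__":
    print("v1.0 warnings:", audit_manifest(TIGHT))
    print("v1.1 warnings:", audit_manifest(RELAXED))
    print("added by update:", permission_diff(TIGHT, RELAXED))
```

Run against the two samples, the 1.0 manifest produces no warnings, while 1.1 is flagged for `<all_urls>`, `scripting` and `tabs`, and the diff shows exactly those three as new. Pointing the same functions at the `manifest.json` inside an installed extension's directory, before and after an update, answers the question of whether permissions were relaxed without relying on the browser's prompt.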