The alternatives are either fully open repositories (although a slightly motivated programmer can easily view the source of any extension) or a walled garden a la Apple app stores. Am I missing something here?
I think the silent, automatic updates and wide-reaching permissions that aren't communicated in an understandable way to end users are the real issues.
