I've developed a few browser extensions, and every week I receive numerous emails with "revenue offer". Some experienced developers know that offers like these will inject malware into the browsers of your users, but scammers who make these offers will not tell you about it. They offer "integrations" that don't look so suspicious. Imagine how many developers have accepted these offers. Then look at the number of extensions in your browser and think about how much risk there is that you have an extension with malware.
This is more about developers carelessly integrating 3rd party code into their extension without verifying if it’s malicious. People should be able to spot this if it’s a widely reviewed open source extension. At the end of the day, you have to make sure you trust the developer that they have sound programming skills and decent security knowledge to not be duped into adding code from an untrusted source just because of an offer for income.
This is more about developers carelessly integrating 3rd party code into their extension without verifying if it’s malicious. People should be able to spot this if it’s a widely reviewed open source extension. At the end of the day, you have to make sure you trust the developer that they have sound programming skills and decent security knowledge to not be duped into adding code from an untrusted source just because of an offer for income.