No matter how secure something appears to be, it's also in the users' best interest to make sure that they are careful while using it, especially when the time to use it for anything that has to do with funds comes. An extension is not just supposed to be installed when we don't trust the developer, especially on a PC we make use of and could easily be used to access our crypto wallet.
There is a guide that since I got in crypto I have not forgotten and it is "Don't trust, verify". And that is what I do when I want to download apps or even a browser's add on. For example, although we already know this, I always ensure to use the official marketplaces for before downloads and the number of downloads and reviews is what I also check.
Even before this, I do like an "idiot-check", of what the people are already saying about such an add-on on the internet. It seems basic but I have been saved countless times because of this. And if an app or add on is asking to have permission to things like my contacts, gallery or email, when it is not for those type od services, I do not even proceed.