The thing that stands out to me in the discussions on the Mozilla mailing list is how Mozilla is changing the goals of extension signing after the fact. It was initially presented as a method of combatting malware but with the back and forth over Zotero they now seem to be expanding the scope to include add-ons with performance problems, addons with code that is hard to read, addons with code that touch powerful API's unnecessarily. That's opening up a whole lot of grey area for their volunteer reviewers to wade into. In hindsight, I also wonder if they shouldn't have just waited for XUL addons to be phased out since the screening process for the more limited WebExtensions API should be easier.