Perhaps, but this extension could have been stealthier. It was using a plaintext WebSocket on port 6332. If the extension author had instead gotten a Google Analytics account and exfiltrated data via encrypted HTTPS GETs to Google servers, it might never have been spotted. That kind of traffic likely happens 24/7 in a typical corporate environment.
This is pretty much par for the course, unfortunately.
I started out programming on a dark theme (the Emacs default), but I've used a light theme professionally for about 15 years (and no other dark applications). I prefer the light theme, I don't find it hard on my eyes one bit, and I have astigmatism.
The exception is if you're using it in a terminal, in which case it re-uses the terminal's colors.
It would be nice to have an overview of what exactly was exported to know the impact of this breach (without having to use reveal(x) myself).
However, instead of creating the classic "antivirus" vs "virus" scenario, which we all know doesn't work, my line is: all must be open (hardware, software) and developed in a FOSS way from the start.
For instance, if you are a hardware OEM who wants to produce a new GNU/Linux phone? OK, start working on it in a public repo. If your project interests others, many people with valuable skills will come to help. Perhaps including some bad ones. But the community will protect you: because you publish from the start, the benevolent and interested individuals who follow your project from the start will likely detect any bad guys, far better than any software, heuristic or even "AI" in general terms. After that, you know that the community gives credit, so if the project is successful people will buy your product, paying you back for your part of the work and the physical production. Others, of course, may use your schematics and software for free, but if they add competitive features you get them back for free because of FOSS licensing, and if they do not respect the licenses you will be backed by the FSF & co., which have firepower and advertising capability normally superior to any new company/startup. Otherwise, if there is only price competition, many will go for the cheap option; many, not all. And if you and the community keep innovating on the project, you keep earning money, no different from the pharmaceutical industry that does research vs the "generic" pharmaceutical industry.
Long story short: I can't trust closed-source extensions any more or less than closed-source security software, and I can't trust one company any more than another (only reputation can lead to small percentage variations). So I do my best to avoid inoculating my systems with software that I can't trust... Good assessments are still needed, but they are IMO not really very valuable without openness at the base: the need for trust is a weakness, so we need to be able to trust each other with the power to verify trust at the core, not only at the skin.