I think the reason was probably that the vast majority of Firefox users, if asked, would prefer that they did this. Not too many would say, "I am willing to participate in your study, but please don't fix my browser's add-ons if they all break". Sure, approval might not be 100%, but it would be something well north of 90%, and they probably took the right action.
Given, of course, that the truly right action of not letting the certificate expire in the first place, was no longer possible.
Not sure if you want a browser that emphasis privacy and security, that you will also want to have remote code injections as a way to ship an update that affects the way add-ons security work.
Given, of course, that the truly right action of not letting the certificate expire in the first place, was no longer possible.