
This is a silly argument. You might as well say that Firefox should include an option to silently submit all your keystrokes to a designated endpoint, because after all if you have access to set that option you have access to install a keylogger.

So what if they could, in theory, work around the indicator by asking users to install some dubious live-patching executable? Firstly, the users wouldn't have to do so - the enforcement mechanism here is ultimately the MITM itself, so as long as the users just installed the certificate they could continue to access sites (they would have to make the certificate available separately, for installation on iOS / Android / ChromeOS etc). Secondly, the security implications of live-patching the executable are mostly irrelevant, because the only people installing this have already lost the security game. Thirdly, there is a benefit in making the bastards work for it - keeping that live-patcher up-to-date and working against a range of target executable versions is going to be bitter work.



