The point is making it more expensive for malicious actors. You can't make it impossible to get malicious extensions in, but you can make it harder. It's the same as captchas. You can also defeat captchas, but adding them reduces abuse a lot. As with captchas you're making it harder for good actors too. The difficult part is finding a good balance.
> The point is making it more expensive for malicious actors.
Malicious actors don't care about expenses nearly as much as benign ones do. So the point ought to be, if you want me to fix something, tell me what's broken.
Except that in this case, it's misplaced, and causing benign actors far more pain than malicious actors. If they want to hurt malicious developers, they need to flag extensions as untrustworthy for:
1. age < 180 days
2. dau < 1000
3. some rule around user reports of malice on uninstall?
and this gets a bright warning banner on the top of the page, and it can't be discovered through the chrome store until crossing these thresholds.
Reputation can be bought too btw.