Try for an actual solution whereby most scripts have a few fine-grained capabilities or can only modify specific sites? Better UIs so that people are informed of what an addon is capable of? nah...
How good is the UI that points out the contraction of "Facebook style changer" wanting to modify all sites? And does this dialog include a warning for extensions that are able to record all activities and phone them home to third party servers, a combination of capabilities that most extensions should not need? There's certainly underlying work that needs to be done to make the latter a reality, but at least trying to solve the problem is better than giving up and falling back to centralized computing.
It's true that users have been desensitized to important decisions through an onslaught of mswin uninformed-consent OK/Cancel dialogs, but at some point they have to be responsible for sensible security decisions (even if that just means downloading Chromium from google.com and not google.com.ojwqodkja.ru). The only way to completely protect a user from themselves is to revert their computer into an unmodifiable display terminal, an idea that should be appalling to anybody who values the concept of a personal computer.
Security is hard; let's make shopping!