There are alternative methods that Mozilla could do, like bringing a Mozilla certificate to host the extension in your own site without an extra prompt.
You are talking around the larger problem, which is a huge one for many extension and app ecosystems (e.g. Google Play, where weak-AI scanners fail to stop malware and spamware).
Mozilla uses community review, which works much better but is of course imperfect, a human thing.
No one that I know of has solved this larger problem. I would be interested in research pointers and tips (not complaints).