Although I don't do this on regular basis, but I happen to read many browser extension sources. They're mostly relatively easy to understand and contain no unconventional clever hacks or obfuscated parts. The only obfuscated code in most extensions are minified third-party libraries (like jQuery).
Won't say ABE's code is compact or easy to read, but it's fairly comprehensible and reviewing it in reasonable time feels possible. It is well possible that some tricky security issue will slip under the radar, but code contains no tricky math or crypto stuff where every single point is crucial for security, and spotting malware/spyware code should be possible.
But "review the code"? You have no chance.