The Register are reporting a browser extension for web of trust has been caught stealing and harvesting browser history.
This underlines the risk browser plugins carry - they often can ‘see’ everything you’re browsing on the web and can send that data back to their developers. Most plugins are harmless and do what they say - but there is very little stopping ‘bad actors’ adding malicious code.
Another potential risk is a 3rd party ‘buying’ an existing plugin, imagine how many developers would happily sell their plugin for a few thousand dollars, they can then ‘update’ the plugin with malicious code and most users would never note.
The plugin stores do attempt to prevent this - but it’s going to be nearly impossible for them to stay ahead of all hackers.