Yeah, I'm not saying this extension is doing anything nefarious. I am saying that Google's propaganda about MV3 isn't right, and it's obviously spilling out to other people. MV3 blocks one specific api call in OnBeforeRequest()...the one that's useful mostly to ad blockers. The remote loaded code restriction is laudable, but the review process is weak. It's fairly easy to get shady things approved.
Right, I acknowledged that in the comment you're replying to. But the review process is weak. And, I don't need to load external code to exfiltrate stuff. For example, I can load an image with a specific name/path, or hijack functionality already on the page, like Google Analytics code. Generally, non-trivial extensions cannot be both secure and useful at the same time.
