Stylish recently started stealing user data. It was caught, but not until the updated extension had been downloaded and run by many users.
The update was accompanied by a change to the Stylish privacy policy, which the Stylish developers presumably made on the theory that if they updated the privacy policy, it would be legal for them to opt people in to data collection without notifying them.
Had this privacy policy update been brought to users’ attention before Firefox started running the new extension code, instead of after, perhaps the misbehavior would have been caught earlier, and the impact of the problem limited.
When the privacy policy for an add-on changes, Firefox needs to stop that add-on from running or updating until the user has a chance to review and accept or reject the new policy.