This feels analogous to videogame modding. You either let/don't prevent the modders from messing with the very core of the game, which brings total overhaulability but also total vulnerability and jankiness; or you give them a nice modding API that, depending on how much effort you put into it might be rather powerful, safe and and convenient but IMO is fundamentally crippled in comparison to the former approach, it's as if you have to imagine all the ways people might want to mod your game beforehand.
Also, I have this bad taste in my mouth from Mozilla getting all that Google money just hours after sacking their developers, like it was a condition.
Third option: You give them a nice modding API and let them access the core of the game. That way you gain the benefits of a modding API without restricting modders' creativity.
Only a third option if you don't care about all the problems the article tells us about. Full access by third party developers and being able to update code are simply at odds with each other. There's no way around it.
Allowing addon developers to access private APIs simply doesn't prevent Mozilla from changing them, or anything else. An unstable API is much better than none at all.
Also, I have this bad taste in my mouth from Mozilla getting all that Google money just hours after sacking their developers, like it was a condition.