The page's scripts can indeed see and alter the changes you make to the DOM, but cannot access the extension's script or data, so there isn't much risk actually.

Extensions are protected by a mechanism called Xray vision, not the shadow dom.

https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Xray_v...