How is having a built-in PDF viewer more secure than downloading the PDF and viewing it in Adobe Reader or Foxit? Is it just that those readers have vulnerabilities that Firefox doesn't?
Yes. The Firefox viewer sits on top of the JavaScript sandbox, which is the same sandbox that has to withstand attacks from pretty much everything on the internet and has been very hardened over the years (same for other browsers).
Ironically it had a vulnerability last week, but that's ONE and that's why it got so much attention. Adobe Reader and similar have had hundreds.
Allowing people to implement viewers for file types that run in the sandbox as plugins seems like a good idea then. Not that I mind that a PDF-viewer is already built in, but firefox can't support all file types.
