That's only because you personally don't download it. I can't tell you how many times my uncle has installed a new "search toolbar" for Firefox that I've then had to disable. Luckily, disabling an extension is trivial. For the non-savvy user, though, it's still an issue.

thats why the process changed and now extensions need to be signed and reviewed.

Firefox stable will not install add-ons from outside the Mozilla add-ons site by default

Unless you change a single setting that allows you to do so. Guess how many of those malware toolbars pop-up a message that says "Click here and select this option to allow us to fix the issues with your system"?

You simply can't disable it in future versions of Firefox.

I've definitely seen copies of desktop Firefox running malicious extensions. Mozilla somewhat discourages installing extensions that aren't on the official add-ons website (and thus haven't gone through an App-Store-like review process), but people do it anyway.

And from the next version on, extensions installed from a non-accepted store are disabled and can’t be installed.

(Yes, as a developer, you can just add extensions, or as company, you can add your own certificate.