I don't think you have the option to say "this app needs Read and Change for just this one domain," it's pretty much an all or nothing sort of deal. This one uses it to edit the page on YouTube, so it has to require it for all.
There is! In extension's manifest.json you can mention for which URLs your extension needs permission. This extension is asking for "http://*/*", "https://*/*". Which is all of them.
I was under the same impression. I've never developed a chrome extension, but just from following developer communities I thought I had seen complaints in the past about broad access to website data that the Chrome extension API required you to request.
If you install an otherwise-compatible Greasemonkey user script in Chrome without appropriately adjusting the metadata, it will default to requesting access to all domains. I think these were more commonly used in the earlier days of Chrome, and contributed to this misunderstanding.
For what it's worth, the last time I worked on an extension was in 2012, and a friend did most of the work setting it all up, I just wrote some of the code. This was the impression that I was under, but apparently it isn't the case.
I don't know where you're from but in my experience when people use "I think" it implies that they aren't completely sure what they are saying is correct. It's used similarly to "to the best of my knowledge".
