It's unlikely to be abused by am attacker, if it requires starting Firefox with a certain environment variable. Chrome has the same thing with a command line switch.

Useful for some internal unit/integration tests for release and test builds, but really dangerous when pointed to the web.

Actually, "all the security checks" is inaccurate; it seems to enable certain special powers in JS. It turns off one security measure. These special powers seem to be enough to compromise other stuff; but again, if you're in a position to flip that switch you already can compromise other stuff.