While I understand you not wanting Mozilla to be able to push urgent patches, this is (in my opinion) necessary in sufficiently serious cases. Imagine a remote code execution hole in Firefox, being actively attacked through ad networks. In that situation, every minute counts, and an attack could perform serious damage.
The source code is public, there's probably been a blog post about it, there's an about-page for it, and there actually is a setting for it in the main-UI.
I really don't see how it's particularly concealed. If they actually tried to conceal it, you would not know about it at all.