>If PiHole is malicious, there is already an attacker on your network
In contrast, UXSS provides an attacker on your network that already has access to everything inside your browser. That's banking, email, keylogging credit card numbers, etc. That's the end game right there.
A malicious rPi on your network is quite a few steps away from there, you'd still have to phish and deal with HTTPS/browser security and unlike UXSS that only gets you one set of credentials.
In contrast, UXSS provides an attacker on your network that already has access to everything inside your browser. That's banking, email, keylogging credit card numbers, etc. That's the end game right there.
A malicious rPi on your network is quite a few steps away from there, you'd still have to phish and deal with HTTPS/browser security and unlike UXSS that only gets you one set of credentials.