That'd help, but a problem is they could still go closed-source and you wouldn't know - the store itself has no concept of open or closed source so it's not like you could check an "uninstall if it goes closed source" box. Maybe there's room for a browser extension that hosts other browser extensions but with a much better security model than what Google allows.

I think that'd be a great idea, an "FDroid for extensions": A store that serves exactly the code in the repo. Sadly I don't think Chrome/Firefox allow building this as an extension itself.

You don’t have to use the store to install and update the extension. You monitor the upstream GitHub release feed, and build and install the extension yourself on every update.

This would make a great host extension - just add new extensions to the list and it automatically pull/build/installs the extension.