Well, it's not necessarily that. For example, my website serves an authority delegation file (https://stavros.io/.well-known/browserid) which I really don't want an attacker to mess with. Serving JS libs/changing the config/etc wouldn't get them anywhere, unless they could change that single file.
Since there are some ways to protect from that (I think the two I proposed above are reasonable), Mozilla probably should think about implementing it.