Block downloading of add-ons from mozilla or any websites.
- Block download of XPI files.
- Remove "add from file" menu from about:add-on.
Because maybe the user wants something that isn't supposed to be allowed by default. In a sense that is like arguing that Noscript shouldn't by default block scripts, "break" pages and require the user to do something to view other people's webpages. Is that sensible? I mean I hope there is a workaround for you to get what you want, but acting like a browser-bundle focused around security is completely "off base" in enforcing that (for instance) unknown things don't get to write to a file/filesystem in that manner is maybe a bit "demanding".
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information