It wasn't a stupid mistake. It was a blatantly malicious hijacking of an uninvolved piece of software, and it should have resulted in his being blacklisted across the entire Mozilla site. Instead, he apologized for infecting thousands of computers, and he's re-welcomed with open arms and zero punishment. What prevents him from doing it again, but being even more sneaky about it? Nothing at all.
Even if his contrition is genuine, which I don't doubt, his actions required severe punishment. I'll live with having to manually turn on and off javascript when necessary.