You might have the best and most useful addon in the world, but if you install it on other peoples' computers in an underhanded or less-than-honest way, you're going to cause problems.
You're overblowing this by a couple of orders of magnitude.
Some points to keep in mind, for this to have happened to you:
1. You already made a conscious choice to install that version of .NET.
2. That version of .NET installed the plugin in IE.
3. You made a choice to install the update, or you allow auto updates.
4. The first time you restarted firefox after this, you had to ignore the popup that tells you that this new plugin was installed. And you had to choose NOT to disable it (which works just fine, only 'uninstall' was blocked).
This was a very minor thing. Most people that installed .NET 3+ expected ClickOnce to work on all browsers. Why wouldnt it? Adding this to the other popular browser, which huge numbers of people have been asking for for years, is not that big of a deal.
It wasnt a silent install, it didnt use any nefarious techniques, it didnt bypass FF's plugin mechanism (despite the general ignorance of /.'ers on how the two types of plugins work on FF), and it is trivial to disable.
The only arguable thing here is that they should have shipped it as a standalone patch. This is arguable, but fairly minor.
And its only arguable by people who also chose to uninstall/disable Flash, JRE, and PDF plugins as well, as those are all full of holes and have a long history of security issues. The .NET sandbox, on the other hand, has a nearly flawless security history.