Thanks for the reply.
I understand that there are several viable workarounds. Especially since on Windows, ChromeSxS actually works (hello, #38598), using unstable is relatively painless. But I can't shake off the feeling that you got a nice bonus of enforcing CWS TOS on the largest chunk of your userbase.
Non-Web-Store extensions never had auto-update to begin with. The only difference between loading unpacked and side-loading is that it's a bit trickier to install unpacked, and Chrome will warn you every time you start up.
This is simply not true. I've been an extension developer for quite a long time, and I've always hosted a beta version of my extension outside CWS, with auto-update, using update_url key in the manifest.
And that's why I had to scramble to move my beta version to CWS unlisted before 33 hit stable. If I missed the announcement, it would be slightly painful to recover.
I wonder though, if you've engineered the hard block of an extension to still look for updates. So that a user who had an extension blocked by this would later get the extension back if the developer submitted it to the webstore with the pem file.