I fully agree that functionality that can be provided by add-ons need not be provided by the core program. In fact, this level of extensibility is a great selling point for Firefox.
The problem is what to do with those who set the preference in the past and have yet to install an add-on. I think it would have been better to take the "paranoid" default (deny all), making sure they have at least as much security as they had before. I find it hard to believe that there are many users who were regularly approving each cookie separately but couldn't dealt with the breakage caused by a temporary "deny all" default.