do not install plugins and extensions in Firefox from sites other than addons.mozilla.org
but I should have said:
do not install extensions in Firefox from sites other than addons.mozilla.org
Plug-ins are different from extensions. Plug-ins come from a variety of sources, such as Adobe (Flash), Sun (Java) and so on. Sorry for any cornfusion.
When any goof startup can create social-network connectors or picture-browsing extensions, Firefox abdicates a good part of its inherent security advantages. Use these at your own risk.
Any goof can create them, but *not* any goof can *publish* them on the Mozilla site. Mozilla has over the last couple years instituted a number of strict review guidelines and tests that an add-on must pass before it's published by Mozilla. Every add-on and add-on update is code-inspected line-by-line by a human editor. Mozilla has staffed up specifically in support of the add-ons site, and the number of code reviewers has grown dramatically in recent months. Reviewers keep a sharp eye out for remote code execution, violations of user expectations of privacy, and anything that detracts from user experience. Additionally, automated red-flag detection tools are now in the works.
Bottom line: do not install plugins and extensions in Firefox from sites other than addons.mozilla.org. With AMO, every single extension and extension update is inspected and reviewed before being published on the site. It's the only way to be sure.
"Don't tell me I'm burning the candle at both ends -- tell me where to get more wax!!"