Yes, that's true, but it would be correspondingly more difficult to find an alternative. If a plugin is compromised you're much more likely to be able to easily find an alternative. So it's a trade-off either way.
the cost of a compromised plugin is not just the inconvenience, but also all the passwords you might enter on forms if the plugin has full permissions granted
That's a stretch. We're talking about a translation plugin here. If FF doesn't have a mechanism to keep passwords safe from that, then that is the problem, not the lack of native translation.
I am not wise in the ways of Firefox plugins, but if the ability of a plugin to read a password field is not a separate permission, then that is a much more serious problem than the lack of native translation. That's just a huge gaping security hole, full stop. If that is indeed how Firefox is designed, then the lack of native translation should be the least of your concerns.
that's the whole point I'm trying to make! goddamit stop working on assumption and hypothetical thinking I'm a lunatic, this is a real issue and the actual way firefox works, how do you think all password manager work?
We're not talking about password managers here, we're talking about spelling checkers. If a spelling checker can read passwords, then Firefox has a problem that that has nothing to do with spelling checkers or password managers. You cannot safely use any plugin.
Now, it's possible that Firefox does indeed have this very serious problem, I don't know. But I think it's much more likely that the FF engineers did the obvious thing and excluded password fields from being accessed by plugins by default if they can access text fields. If this were not the case, the complaint would not have been, "FF doesn't have native spell checking", the complaint would have been, "FF has this gaping security hole through which you can drive an M1 Abrams tank."
you're not listening and you're having a very strong opinion on a topic you don't know about, which makes having a discussion frustrating, tedious and very unhackernews-like, the data is before your eyes, believe what you will.
but if you are unwilling to listen, then why ask and answer?
What permission is that? The only permission I see is "Access your data for all websites." If that includes passwords, then FF has much bigger problems than not having native spell checking.