- Installing Firefox requires downloading an unsigned binary from a random web server
- Installing unsigned extensions is the default action in the Extensions dialog
- There is no way to check the signature on downloaded program files
- There is no obvious way to turn off plug-ins once they are installed
- There is an easy way to bypass the "This might be a virus" dialog
It makes a good point about the differences in how Microsoft implements security differently than Firefox.