I saw this digg article the other day and it lead me to something interesting. ...
All Firefox add-ons must now use a secure method for auto-updating (see bug 378216 and this guide for more details)
Reference: Mozilla Gran Paradiso Alpha 8 Release Notes
In general this is a good thing, and I'm 100% behind any security improvements the mozilla team make....I just hope they make this amenable to the newbies, I recently had a go at writing a small "status bar" firefox addon, and the 1st thing I spotted when installing it was that it was "unsigned"... I looked into the documentation and found it very confusing, and when I finally got it to work I ran into the age old issue that I didn't have a certificate that was signed by a main stream CA, as such I would need to distribute that as well.
I'm going to put looking at the new "secure update" solution on my todo list in hope that I can get some real insight into what they are planning, fingers crossed its good, it works and makes a real difference to the firefox community at large.