Yes but every extension that does anything remotely interesting needs access to "your entire browsing history," which is a comment much scarier than it usually is. The truth is that it is impossible for a computer to distinguish malicious javascript from useful javascript, meaning all trust and verification needs to come from the user.