It's unclear to me from the post that the sandbox code will be unbundled from Firefox. Furthermore, it should be possible to distribute a compiled version of Firefox that doesn't have the ability to install the module in the first place, with a minimum of effort.
If you don't enable it by default, but the first time a user visits any website with a video ad they get a clickthrough that downloads and installs it, a huge portion of the user base will end up with it installed. This is less than desirable if you care about security.
I'm sure security- or ideological-focused distros will do a version of this anyway, but it should be supported upstream to segment the code as much as possible so as few vulnerabilities leak into the "main" codebase as possible.
I don't understand your argument. If you are installing Firefox for yourself, you don't need a version with the support compiled out; just don't install the plugin.
If you are installing Firefox as sysadmin for someone else, you don't need a version with the support compiled out; don't give the users rights to install plugins.
What use case has less security just from the sandbox being enabled?