Re: 'Check a site against Web Security's global blacklist'
Given the speed with which new sites can appear, to do this in real time, you'd either need to download the updated list before every page view or you need to send the domain name to the service for checking.
The other question is, how much space will that take up? For a properly indexed database, you need to install a databas engine, not something the add-on is allowed to do, create the relevant tables, index them and then populate it every few minutes with any changes. That would be a complete logistical nightmare to implement, especially over hundreds of thousands or millions of devices.
I understand the privacy problem, but on the other hand, I don't see a way to make the add-on fast and light and useful. A local black list will take up a lot of space and will always be out of date. A local white list with the top 1,000 sites might work, then anything else would be sent for checking.
It is a tradeoff, you have to hope that they aren't logging your ID and URLs visited in return for decent security.
I'll wait until the story is fully disclosed, before leaping to any conclusions.