Meh,I dont see any problems here.

For me, Mozilla is a big company not an open source project. As such it needs to take security seriously.

Let's think about the "harm innovation" bit for a moment. If you take money for your work, it is a commercial enterprise and as such you need to ensure it is secure. Even if abandoning it to work on a new shiny project may be more fun.