It was all of the above in varying degrees. Overlay-based addons can do anything up to and including rewriting a large proportion of Firefox. The risks are obvious, but it also makes it impossible to determine where Firefox ends and any or all addons begin, both for the purposes of monitoring them and potentially to allow separation into separate threads or processes. The SDK provides a fixed API between Firefox and the addon that both allows them to be distinguished and to limit the things they can do that might be dangerous. It also is a step in the direction of a true multi-process Firefox, something which overlay-based addons just don't do because they are by definition part of the main thread. Although the SDK provides methods for stepping outside the provided API, these must be explicitly requested and so are easy to detect by reviewers and potentially control in the future.