Really what this boils down to, imho, is a need to educate users on the meaning of the permissions that are granted (with approval) to these extensions. Certainly the vast majority of users confirm the security permissions without comprehending the weight of access they've just provided the extension author.
With JavaScript, it's nearly impossible for Chrome to reasonably explain, with any level of granularity, what exactly an extension will do with its access - hence the "access your data on all websites" warning.
A proof of concept to demonstrate how you can take advantage of this access for nefarious reasons, even after getting approval into the Chrome Web Store, would be quite simple.
Long/short of it is: make sure you trust the author of any extension you install!
With JavaScript, it's nearly impossible for Chrome to reasonably explain, with any level of granularity, what exactly an extension will do with its access - hence the "access your data on all websites" warning.
A proof of concept to demonstrate how you can take advantage of this access for nefarious reasons, even after getting approval into the Chrome Web Store, would be quite simple.
Long/short of it is: make sure you trust the author of any extension you install!