I've developed a few browser extensions, and every week I receive numerous emails with "revenue offers". Some experienced developers know that offers like these will inject malware into the browsers of your users, but scammers who make these offers will not tell you about it. They offer "integrations" that don't look so suspicious. Imagine how many developers have accepted these offers. Then look at the number of extensions in your browser and think about how much risk there is that you have an extension with malware.
Yes, in theory, but you have to vet the libraries you add to be really sure. Even these “integrations” might be open source and still be malicious, because they prey on the lazy devs (…don’t look at me 👀) that would just look at the license and say “ah it’s MIT, all good then”.
To be honest, they would also need to be either very gullible or desperate to fall for such an offer. Open source devs usually don’t go around offering get-rich-quick schemes.