
As others mentioned, I'm primarily interested in noticing the extension gaining malicious code, such as often occurs in the wake of a transfer, not noticing the transfer itself. (Which would also capture the case of an extension not actually changing hands but nonetheless shipping malicious code - including both your example as well as a targeted attack on an ethical developer.)

Also I think it's reasonable for browsers to require complete auditable source (even if there's some obfuscation happening before it gets to users), which would probably have a deterrent effect on weakly-ethical developers - it's harder to ship code you can plainly see is malicious than to just sell the extension and wipe your hands of it. (There are enough stories of founders who care about their companies selling startups to acquirers that don't that I think there is something in human nature that makes it easier to hand off your creation to someone who will do bad things with it than to do the same bad things yourself.)


