The solution is open source + verifiable builds: in this way you can check the code AND that the app you are going to use (or used in the past) is compiled from specific sources.
Discussion
Oh, were we talking about or even considering non-open-source programs? It absolutely couldn't cross my mind that was the case.
If you are using M$-Winbugs or any other closed-source toy, you have much bigger problems than trusting a browser extension with your nsec.
I just want to add "reproducible/verifiable builds" to the open source solution to reply to the "the problem with verifying open source code" comment.
Please take it easy, simply understand what I wrote and don't make assumptions on what I use, it's... useless :)