Is it just ad statistics, or is there actually risk to the client in having the extension silently forwarding client-side information to any page content that politely asks for it? Feels like that basically circumvents XSRF protection, right?
We may be overthinking this. Google may have blocked it as malware because it's malware, even if it's not intended to be.