IIRC the reason AMO is sensitive is because the browser injects a "control the browser" object into the page. The first pref Tridactyl sets is to remove this privilege escalation, the second (in top comment) is to remove the restriction on addons accessing AMO. Perusing the original bug (https://bugzilla.mozilla.org/show_bug.cgi?id=1415644) the main concern overall seems to be stealing browser history through Firefox Accounts. But as the reviewer says, "I'm not really clear what we're protecting here, feels like a bug in search of a problem."