Right. If your tagline is privacy first, the defaults should be set to maximum privacy (unless if it might break sites - in which case it may be acceptable to set to a less intense config). Any features that is a compromise between privacy and convenience, should be easily enabled/disabled through the UI (not a bloody config file). If they can build a ui for everything else, I don't think it's too much to ask for a simpler switch for privacy related options.

Trying to save my passwords is particularly annoying till I disable it.