That's not really true. the average user has no clue what a file format even is, much less what a CRX is. And to be entirely honest, it's not fair to expect them to know what files are safe to just download and run. So, we made the decision to protect the average user at the cost of an extra command-line flag or a drag-and-drop operation for developers. I think that was a good trade-off, but you're certainly welcome to suggest something better.
The problem is that you're thinking of extensions as files, which most users don't understand. They want an extension; they don't care how it's delivered and they have no idea what an auto-update source is.
I have a button on my website that says "Install extension." I don't tell them it's a link to a .CRX file; that's an implementation detail. If you asked any of my users whether they had downloaded a file (let alone what its extension is), most couldn't tell you. Similarly, the Chrome Web Store has buttons that say "Add to Chrome," not "Download Trusted .CRX File."
