I don't think anyone would claim it's hard to drag and drop a file into the extension manager window. Yes, it creates enough friction to stop the typical drive-by download attack, but it's not a difficult operation.
The change adds support for configuring off-store installs, in addition to changing the default configuration. So, an enterprise can add a list of trusted install sources and distribute it through global policy, Puppet, etc.
