
It's a trade-off between security for normies and power for technical users. I disagreed at the time (as an addon author) yet have come around to agreeing with the choice.



Normies don't know what the "addon" is and likely would have IT install them anyway.


It's not IT. It's the "potentially unwanted software" installers they download. There's no way to distinguish a user installing an unsigned addon vs some malware doing so.


If you're already running an unverified third-party installer, your system is gone. There's nothing Firefox addon signing can do to save you at that moment. You are already at the "running arbitrary code" stage.



