Neither does including anti-Microsoft code in your product. (it doesn't protect against shadier players because those don't care about having friends.)
Like I said, it's not effective. If malware wants to futz with your browser executable, it's just going to patch the executable, not conveniently go through the plugin interface around which you've designed some forgeable security token.
When firefox starts, it checks each plugin has been explicitly accepted by the user. If not, it alerts them.
Sure, you could reverse engineer the signing token, and hack around it, but that wouldn't get you many friends.