But the add-on isn’t sandboxed like in chrome. Like i remember, depending on if you use an external MAC like apparmor or not, where if you’re runnimg in Linux and you’re using Firefox, websites could steal your ssh keys from ~/.ssh/

Malicious addons or websites could easily do the same thing, and steal your bitwarden credentials. Unless you have the premium version, you can’t put otp on it.