As a developer I should have known this 100x over, but today I installed a Firefox addon to more easily view and edit a site's cookies for dev work. This addon was console logging something like syncing cookies with remote server... which scared the bejesus out of me particularly since I didn't create an account/there should be no reason to send my data to any remote, so I removed it.
My question: can an addon easily send my cookie data to their own server for malicious use?