As I understand it, it's a single trusted binary (Google's Widevine), not arbitrary binaries from sites, so I doubt it's a huge security liability. Not to discount all the other problems with DRM on the web, of course.
The above is correct. The CDM is very heavily sandboxed, a signature is used, and therefore it can't really do anything apart from what it's supposed to do (which is very little: taking encoded data and a key, and decoding media).
Source: I'm on that team, but I don't work directly on this.
Worth mentioning is that this is also solving a different problem from the old browser plugin ecosystem. Rather than enabling third parties to extend browser functionality, this exists exclusively to partition the open-source Firefox codebase from closed-source DRM code, a workaround to enable DRM playback in an open-source browser.
I still think the "best" answer is to untick the box that says "Play DRM Content" in the Firefox preference panes, and refuse to support corporations that would otherwise use it.
I haven't bought DRM media for over fifteen years.