It is absolutely not "still very easy to install extensions" outside of the webstore. If it were then how would this be a solution at all? The reason you're calling it a solution is because you're making it so much harder that it will happen far less frequently.
I don't think anyone would claim it's hard to drag and drop a file into the extension manager window. Yes, it creates enough friction to stop the typical drive-by download attack, but it's not a difficult operation.
The change adds support for configuring off-store installs, in addition to changing the default configuration. So, an enterprise can add a list of trusted install sources and distribute it through global policy, Puppet, etc.
