but no one seems to be discussing how risky it actually is.
That is because people stopped doing it ages ago.
But shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system?
Security is always a matter of layers. Any given layer can fail some of the time but you want to set up your security so situations where all the layers fail together are rare.