Personally, I would’ve lowered the size of this was about security. Make it a nice, round number, like 1024.
I think it must’ve been based on something like “the declarative layout is x KB per entry so if we assume the file can be 10MB at most we get about 30k entries”. Maybe they documented it somewhere, I don’t know.
I think it’s clear that a security concern has been hijacked by the ad people. If it was just about security, some other content blocking API would’ve been set up. Safari on iOS has content blockers and that doesn’t even use web extensions, so clearly there are software design models that allow blocking without the “read any website data any time” risk that WebExtensions pose.
But these features don’t just target ad blockers. It also affects other extensions, like Stylus for user CSS, or TamperMonkey for user scripts. It also affects other content blockers, of course. The big difference is that most extensions that require permanent access to every resource on every page are either ad blockers, malware, or power user scripts.