If a "legitimate" website gets compromised, and you told your browser to always load whatever comes from this website because you, as a user, trust it implicitly, then you will get owned. Period. You told Firefox that you want it to load whatever this website gives you and not question it. What's the solution? Don't tell your browser to implicitly trust ANY website. All websites are susceptible to getting hacked. Why would you lower the barrier for hackers by telling your browser to ignore its built-in safeguards?
This is something Mozilla should have done a long time ago, and I welcome this change. If users don't "get it", or think this is too much of a nuisance, then go back to IE or Safari and enjoy getting owned with the rest of those users.