I’m sure its common knowledge by now that whatever you write in text boxes on customer support chats can be seen by whoever is on the other side, without or before hitting send. Don’t you think that’s a breach of privacy?! I imagine it isn’t too difficult to implement a fix for it: The browser (like Firefox) could choose not to upload the user input to wherever the website links to, without user input (like click a send button).
The Firefox extension API explicitly requires user actions before an extension can do things like open popup windows.
It’s a gray area–on one hand, most people might not expect any info to be sent until they hit enter, but it’s a debatable point (ICQ users were accustomed to seeing the text come through letter-by-letter, for example).
And for this use case, I can’t imagine a huge danger of typing in something that you weren’t intending to type–maybe a copy/paste error, but it’s hard to justify it as a serious threat to privacy.
I’m with you on preferring that it were implemented the other way, but between the moral gray area and difficulty in implementing safeguards, I don’t think there’s much to be done other than practicing caution.