The new system encrypts one's secrets with a function of one's Firefox account password and stores it on Mozilla's servers. That has two effects: one, an insecure Firefox account password (i.e., a password it is possible to remember) can compromise one's entire synced data; two, anywhere one enters one's Firefox account password is a potential danger.
As it turns out, Mozilla serves JavaScript files which are used to handle Firefox account passwords. Any government Mozilla is beholden to could compel them to serve malicious versions of those files and steal one's Firefox account password (and then decrypt all of one's synced data, including passwords). Likewise, a malicious Mozilla employee could do the same.
As a result Mozilla Sync may no longer be used by anyone who cares about the privacy of his browsing history and/or passwords.
As it turns out, Mozilla serves JavaScript files which are used to handle Firefox account passwords. Any government Mozilla is beholden to could compel them to serve malicious versions of those files and steal one's Firefox account password (and then decrypt all of one's synced data, including passwords). Likewise, a malicious Mozilla employee could do the same.
As a result Mozilla Sync may no longer be used by anyone who cares about the privacy of his browsing history and/or passwords.