Even if there's no unique ID, if you've installed a lot of plugins this combination can uniquely identify you. If you query addon updates daily, they could associate your IP of the day with your "I have installed these addons"-fingerprint.
A debian style update mechanism could solve this, but this would be really bandwidth expensive.
> Even if there's no unique ID, if you've installed a lot of plugins this combination can uniquely identify you
This is a good thing to remember, but I'm not sure it undermines the parent's point. No matter what security you use for anything, you always are exposed to another threat; that doesn't make all security useless. The value of security is to make attacks more difficult.
A debian style update mechanism could solve this, but this would be really bandwidth expensive.