We give access to native modules because it's needed for various plugins. There's more info about the security policy there: Plugin repository? - #20 by laurent
As for content scripts, it's always been a trade off - we give lower level access to the app, but we know that it can result in them crashing the app. We have various checks here and there to make it more robust and we can add more over time. There's an issue on GitHub about such crash which I'd like to fix at some point.