How is the Yahoo search deal any different than the search deal with Google that they've had for years and years?
And the EME module, good or bad, is not a security hole like Flash. The CDM modules are heavily sandboxed, preventing them from doing anything in the system besides talking to the browser. On Linux, it uses seccomp: https://lwn.net/Articles/332974/
I think the difference is that Google is a superior search engine, so in a world where technology trumps money it would be the default.* Of course, abiding by that would kill Mozilla's bargaining position, and Mozilla losing funding would suck for everyone, but...
* or DuckDuckGo (inferior but privacy conscious), but good luck with them funding Mozilla
