Anecdotally it seems relatively common for some user-reported page performance issue to turn out to be caused by a content script running in the context of the page.

As a performance conscious user I generally don't install any extension that relies on content scripts, but I occasionally make an exception for a valuable site-specific extension.  This policy is pretty difficult to implement in practice.  Perhaps we should consider a feature like the following to help users manage the (security and performance) risk of content scripts:

- Have an option (flag for now, maybe graduate to content settings) to disable content scripts by default.  
- The first time a content script attempts to load into a site, you get a page action icon (similar to other permissions) with the option to enable it.
- Once enabled the icon remains in the omnibox to remind you that code in addition to that provided by the site is running on the page.
- The ability to run content scripts (perhaps per extension) is stored in the site settings.  Conceptually this is similar to the UI for plugins (could perhaps even be considered as a type of "plugin").

Thoughts?