> How is this different from a backdoor in, say, a Thunderbird extension?

I don’t get the argument. Had this been a backdoor in a Thunderbird extension, would it not have been worth reporting? Of course it would. The value of this report is first and foremost that it found a backdoor. That it is on an MCP server is secondary, but it’s still relevant to mention it for being the first, so that people who don’t believe or don’t understand that these systems can be compromised (those people exist) can update their mental model and be more vigilant.