The flipside of course is that Mozilla Corporation is a subsidiary of the Mozilla Foundation (a non-profit)..and as a subsidiary of a non-profit there is more transparency with regard to Mozilla Corp. finances than there is with the privately held Canonical Ltd. If at some point either entity sold user data as a revenue stream which would be able to keep that secret? I don't think Mozilla could..at least not for very long. That sort of revenue would have to show up in the end of the year reports I think. But then again, people would also have to care enough to look at the Mozilla Foundation's financials and ask the uncomfortable questions.
It's also important to note that Mozilla is trying to figure out how to walk the line with regard to web services and data privacy.
The issue of data privacy and terms of service notification in a social desktop context where a diverse set of web services are going to be interacting to provide functionality is going to be a very hard and complex issue. And most likely a moot one unless the very small minority of people who really care about data privacy figure out a way to get the much larger majority of web services users to start taking notice.
Something like the use of a specialized search page is just the tip of the iceberg of what you could get upset about. There's really nothing stopping any website you contact or interact with from sharing (and selling) its website access logs including details about ip addresses.