MV3 still allows you to run content scripts, which can inject any javascript into any webpage. From there, you can do anything you want. You can steal passwords, tokens, show popups, redirect, ... etc. Preventing extensions from dynamically modifying network requests doesn't change that.