I’m curious where the security theater accusation comes from

Closed source ad-block that allows “unobtrusive” ads by default. They also ran a scheme a few years ago that replaced ads on web pages with their own and paid users tiny amounts of cryptocurrency for viewing them.

All this is marketed by them as browsing securely