Still no bloat I would say. The extension is not 100% needed but "only" recommended for EAM users since it adds to the phishing protection. The existing surf protection based on DNS-requests will still be available. (And of course is still needed to block network requests by malware.) The extension is also only ~90KBs.
What would be bloat imho and much more invasive is adding some sort of MITM, deep packet inspection, intercepting SSL-certificates in the browser and stuff.