As I understand it, an extension could also leak its links via its own backend, e.g. to advertisers, who could then detect it even though no user-observable DOM modification is happening.

Much better than static global IDs, but still not ideal.