It’s not that Safari extensions in particular have any more or less access to data than any other browser. Apple just chooses to explain the same access in much more verbose and worrying language.
Nearly every extension has access to the contents of any webpage you visit. In theory, (and probably in practice for some) they could harvest key presses, the contents of password fields, etc. There’s nothing Apple can do to prevent this, or at least nothing that would gain traction given that the current state is sparse in comparison to other browsers.
It’s not (in many cases) that they “require” access to the personal data - it’s that giving them access to your web pages allows them to use whatever data is on them, including things you consider personal. The extensions may not use that data, because they may not need to, but the possibility is there. If in any doubt, don’t install or enable the extension.
The same applies to other browsers, although the warnings they give may not be as stark
The problem with the data ‘nutrition labels’ is that they’re self reported. So they’re only valuable if the developer cares. I can imagine a scammer not really caring if they were caught not reporting collecting all your data. They’re better than nothing but have this limitation. (Google promised to push an update to all their apps with an accurate label months ago and they’ve currently held off long enough for people to have trouble logging in)
Extensions, even more so than apps, is about trust and it would be best to avoid them if possible.
Do you trust the developer who’s made this extension? Or is it open source?
It’s not just a question of which extensions can be trusted in a point in time; that question of trust extends for as long as you use an extension. Both neglect and ownership changes have led to compromises. Given all that happens in browsers these days, the balance of risk vs benefit (for me) leans extremely far to the side of risk avoidance.