Furthermore, I'm thinking we'll all be paranoid as forget. This will increase the workload, but the goal is to not let a single malicious mod through.
In addition, any add-on that has even the potential of being malicious ...
I want to stress that. That's what the flagging thing is for. Mod reviewers should be able to put in flags of their own.
Another thing that wasn't really discussed in the topic is add-on updates - they'll use a diff system like git to show only the changes to the code. Ideally, we can have this in a web interface.
For a script-only add-on with a measly 2-line update, a mod reviewer could have it checked out and approved in minutes, not hours or days.
Seriously - assuming notifications are working correctly, and optimal conditions,
add-on dev submits update for 2 lines of code > standard automated processing > lower level reviewer receives email notification on mobile device, checks everything out in a web interface, okays it > higher level reviewer gets notification and notices it's only 2 lines and they can probably handle the review while walking between classes or going to the bathroom or something > everything is okayed, theoretically in under 5 minutes.
Admittedly, there's all kinds of gaps in that, but for that little 2-line update I would say the absolute latest it could get approved is 24 hours after submission, which really isn't that long, and is the absolute upper end.
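
An added example, not part of the original post: a sketch of the diff step for add-on updates described above, using Python's `difflib` so a reviewer sees only the changed lines of a script-only add-on. The `{path: text}` input shape, the name `review_diff` and the Lua-style sample files are assumptions constructed for illustration.

```python
import difflib

def review_diff(old, new, context=2):
    """Diff two add-on versions given as {relative_path: source_text}.

    Returns (diff_text, files, changed): the unified diff a reviewer reads,
    a {path: "added" | "removed" | "modified"} map, and the number of
    added plus removed lines.
    """
    lines, files, changed = [], {}, 0
    for path in sorted(set(old) | set(new)):
        a = old.get(path, "").splitlines()
        b = new.get(path, "").splitlines()
        if path in old and path in new and a == b:
            continue  # untouched file: nothing for the reviewer to read
        files[path] = ("added" if path not in old
                       else "removed" if path not in new else "modified")
        hunk = list(difflib.unified_diff(
            a, b,
            fromfile=f"a/{path}" if path in old else "/dev/null",
            tofile=f"b/{path}" if path in new else "/dev/null",
            n=context, lineterm=""))
        # The first two lines are the ---/+++ file headers. Skip them by
        # position, not by prefix: a removed line such as "-- comment"
        # renders as "--- comment" and would be mistaken for a header.
        changed += sum(1 for line in hunk[2:] if line[0] in "+-")
        lines.extend(hunk)
    return "\n".join(lines), files, changed

# Constructed sample: a two-file add-on whose update touches two lines.
OLD = {
    "init.lua": '-- greeter mod\nlocal greeting = "hello"\nprint(greeting)\n',
    "util.lua": "return {}\n",
}
NEW = {
    "init.lua": '-- greeter mod v2\nlocal greeting = "hello"\n'
                'print(greeting .. "!")\n',
    "util.lua": "return {}\n",
}

if __name__ == "__main__":
    text, files, changed = review_diff(OLD, NEW)
    print(text)
    print(files, "changed lines:", changed)
```

Unchanged files never appear in the output, and files added or removed by the update are listed in the status map even when they are empty.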