Amongst perhaps other pure cloud tecnical issues, I think they need to figure how to make sure no extension will be able to be used for hacking purposes.
I think think this should "just" be like an "Cloud approval" procedure where somone is examining carefully the extension code. Like Apple is doing fortheir apps.... So I assume it will come when the organization and routines are all set.
I don't think it's impossible, just perhaps poses some risks and challenges in the current architecture. At Qonnections this week there was some discussion and preview of a re-architecture of the QS server components to be more modular. I expect that an outcome of this will be that at some point, each launched app will be sufficiently isolated in it's own runtime container that it will be safe to use extensions.