Off by default lets everyone choose to turn it on if they're interested. It also might clue in Mozillas devs that if they want people to turn it on, a setting in about:config isn't the only place you should be putting the button.
Off by default is neither removing user choice, nor is it preventing Mozilla from saying they ship with feature X. It is the right way to present it.
> Off by default lets everyone choose to turn it on if they're interested.
It lets more sophisticated users choose. Less sophisticated users however will more likely switch to a different browser the moment a site doesn't work before poking through settings.
I think a better way than a separate setting would be to go in the direction of many software firewalls and present it to the user as a choice when an application requests it as many browsers currently do with the location APIs. This would provide individual domain-level control over what permissions sites are granted by you. I don't know why this sort of policy seems to be restricted only to the location APIs...
Off by default is neither removing user choice, nor is it preventing Mozilla from saying they ship with feature X. It is the right way to present it.