• Sounds like a bunch of FUD (Fear, Uncertainty, and Doubt) if you ask me. Firefox is my primary browser mainly because of tabbed browsing (it's not necessarily more secure... see the spoofing vulnerabilities currently present in Bugzilla and reported in most security forums).

    Here's a way to do a simple, almost fool-proof test: compare hashes of the DLLs. There are products that do this, but you could write, say, a Perl script to do it, too. Take hashes of any .DLLs in the critical directories (%WINDIR%, %WINDIR%\System32, etc.) on a system without Firefox. Store those values away. Then install Firefox. Take hashes one more time and then check to see what values changed. If your consultant claims Firefox changes the .DLLs, he should have some sort of evidence like this. And if he/she goes into saying, well, you can't rely on hashes because they've proven collisions are a lot more predictable, that's correct, but no one at this point has found a good means to do so unless it's intentionally engineered.

    K. Brian Kelley
    @kbriankelley
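
The before/after hash comparison described in the post above, as an added example that is not part of the original post. It uses Python rather than Perl and SHA-256 as the digest (both are choices made for this example), and it walks each directory recursively.

```python
import hashlib
import json
import os
import sys

def hash_file(path, chunk=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(dirs, ext=".dll"):
    """Map each matching file path to its digest; unreadable files map to None."""
    result = {}
    for top in dirs:
        for root, _subdirs, files in os.walk(top):
            for name in files:
                if not name.lower().endswith(ext):
                    continue
                path = os.path.normcase(os.path.join(root, name))
                try:
                    result[path] = hash_file(path)
                except OSError:
                    result[path] = None  # locked or access denied: keep the gap visible
    return result

def compare(before, after):
    """Return (changed, added, removed) path lists between two snapshots."""
    changed = sorted(p for p in before.keys() & after.keys() if before[p] != after[p])
    added = sorted(after.keys() - before.keys())
    removed = sorted(before.keys() - after.keys())
    return changed, added, removed

if __name__ == "__main__":
    # Usage: snapshot OUT.json DIR [DIR...]   or   compare BEFORE.json AFTER.json
    if len(sys.argv) < 4:
        sys.exit("usage: snapshot OUT.json DIR [DIR...] | compare BEFORE.json AFTER.json")
    if sys.argv[1] == "snapshot":
        with open(sys.argv[2], "w") as out:
            json.dump(snapshot(sys.argv[3:]), out, indent=1)
    else:
        with open(sys.argv[2]) as a, open(sys.argv[3]) as b:
            changed, added, removed = compare(json.load(a), json.load(b))
        for label, paths in (("CHANGED", changed), ("ADDED", added), ("REMOVED", removed)):
            for p in paths:
                print(label, p)
```

Run the `snapshot` mode from an elevated prompt before and after the install so fewer files come back as unreadable, and store the first snapshot somewhere the installer cannot write.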