The kernel modules usually are signed with a different key. That key is created at build time and its private key is discarded after the build (and after the modules have been signed) and the kernel uses the public key to validate the modules IIRC. That is how Archlinux enables can somewhat support Secure Boot without the user needing to sign every kernel module or firmware file (it is also the reason why all the kernel packages aren’t reproducible).
It really wouldn’t change anything in the long run. Any company that creates a browser is gonna need some form of income and people aren’t willing to pay for a browser. What would be their incentive to continue to work on the browser when they aren’t being paid?