As indicated here, Mozilla offers several payment models, particularly:
you don't want to bother adding code for payment? then just tell Mozilla your app is a "paid app". Mozilla will take care of all the rest.
What is the risk?
The same as for counterfeit money.
Even if Firefox did its best for making your app installable only from
the Marketplace, you are never 100% sure.
1) the buyer may ask for an immediate refund; or,
2) a nasty hacker may use the manifest from your site.
Checking that your paid-app has effectively been paid is not so complex. Jump to Managing Pre-Paid App for details, and examples of working implementations.
The process is more complicated, because it is your app that originates the request from the user's mobile phone. Encryption is required to insure the validity of the exchange, avoiding most man-in-the-middle attacks.
Although in-app payment has several advantages: your app could be installed for free so that your potential users get some feed-back of what it is about. Then you add optionals — paid — features "à la carte". You could even foresee a mix of the two: a minimal fee to install the app, and more to extend it.
In the section Processing In-app payment, I describe the process in details, with all source code attached in the hope that it will make you implement "in-app" payment in just a couple of hours.