It is storing your passwords in plaintext locally, since this is about passwords that are saved by the user in Firefox's password store (the Saved Logins feature). These can (and should) be protected with a master password, but you obviously need to unlock the store before logging into a website.
They're not storing your passwords remotely, though. They're asking haveibeenpwned which maintains a list of leaked login information from past breaches.
Mozilla are using k-anonymity in their FirefoxMonitor service[0]. This feature syncs from FirefoxMonitor to a local browser DB and checks against that DB. However, I'm not 100% sure what data it syncs from FirefoxMonitor (obviously a subset, but I don't know how that's chosen. I'm not sure if they're using k-anon for requests between the Firefox browser and their own service).
They're not storing your passwords remotely, though. They're asking haveibeenpwned which maintains a list of leaked login information from past breaches.