It is hidden in about:config, I believe....

Mozilla explicitly disables about:config in the stable release of Firefox on Android. Works fine in the beta and nightly releases though.

As for why they disabled it, no clue. Just bitter, disdainful speculation.

What good is that? 99.9% or more of users will never visit this page or know what to do with it, much less be able to figure out which knob to toggle.

It's a product design failure to say "blocked because your configuration says so!" and then hide it from settings.

Firefox for Android sucks... but it sucks less then the alternatives, as far as I know

This isn't just Firefox for android. Try visiting a previously HSTS enabled site with a now expired certificate. No option for the user to say "I don't really care that much about the MITM risk, just show me the damned page" even with desktop Firefox. Absolutely mindboggling disrespect for user agency for a so-called user agent.