Flash has always been a security risk
Along with Java Applets, Flash has always been seen as a security risk. Most secure operations block them on the firewall.
Which leaves us with JavaScript. JavaScript is actually quite secure on the whole. Yeah sure there have been security flaws internal to sites, but really that is because folks have been doing their blogging on the cheap, and these Angelfire type sites have allowed JavaScript to be submitted. What a surprise something that relies on trust does not work when you allow everyone to be trusted under a single domain.
JavaScript is secure to the client, unlike Flash and Applets.
Personally I do use flash for streaming media, but it should never be integral to a site.
This is why having something like ogg vorbis becoming the standard multimedia delivery format is important. Most developers want something that turns the static web into something more akin to a functional networked program, and we need that to be an open format, primarily for security. Java whilst I think it may have become more open, still has a remit that is too far reaching, and it rides over browser security, it can only be used really in intranets.
Security should be the responsibility of the browser on the client side, server side security is the responsibility of the domain holder, so let's tip our hat towards JavaScript.