Re: The best bit is....
"Next you'll be saying they have insecure sign in pages, 3rd party tracking cookies, missing Alt tags from images, not using https to protect privacy......"
Using Flash on a website does not make that website insecure.
Flash insecurity goes from nasty guys using nasty flash on their nasty websites to you and your browser. Flash insecurity does not go up from those nasty guys to regular otherwise properly secured websites that happen to be using flash. If you're not surfing random porn or torrent tracker or conspiracy sites built by who knows who then you are 99% OK. Besides bad actors on advertising networks you are completely fine with Flash enabled on BBC or CBC or government websites or our very own El Reg. Flash can be a tool for hijacking browsers, not for compromising web servers.
That said Flash is stupid and should die a slow painful death like it is doing, but keep it in perspective people.
Using https on a public website of static pages does not make that website private, nor does it help in any way whatsoever to hide the fact if you visit that website.
Insecure login pages are a major problem for banking websites, but who the fuck cares for a simple discussion forum 8+ characters including upper and lower case and a number and a special character and no dictionary words is simply infuriating.
3rd party tracking cookies are pure evil. Easily blocked, tell all your friends.
Missing image alt tags are quite annoying to the sight impaired, but I can see fine so I only notice them at all on xkcd.
That is all.