Re: HTML5 more secure?
flash bugs + browser bugs + web bugs > browser bugs + web bugs
Jury's out on that. Fact is all the browsers are more robust than they used to be and the plugin architecture is on the way out. But the same multimedia that provides such a rich vein of attack vectors for Flash may also turn out to be useful for anything accelerated API that is more than likely being given privileged access to hardware (codecs, openGL, etc.). Quicktime and Windows Media Player in the past have had their own share of bugs and they are still providing part of the services for the new browsers.
My guess is that the new attack toolkits just aren't as sophisticated yet as they are for Flash, et al. True the new browsers have been hardened in a way that Macromedia could never have thought of when it was adding the bells and whistles, but who knows if that'll be enough? The browsers have one thing going for them in that they don't publish implementation APIs so that are freer to replace an implementation if it turns out to be a turkey. This comes at on overhead of having to agree the API with other interested parties and then make it work. Flash is a victim of backwards compatibility. Back in the day that meant it could add features quickly and keep developers happy and it effectively ended the "install a plugin to what this video" malarkey we had for much of the first decade of this millennium.