Oh ActiveX was definitely worse, I should know since I was using the internet plenty when it was prominent. My point is, though, that malicious actors still basically control the web. They may not be executing native code without any controls, but that doesn't mean that the modern web isn't still their playground.