1. We haven't implemented some feature well enough.
Actionscript runs in a VM, that's native code. It seems like Mozilla's argument is that the AS VM is buggy and, thus, is/was/could be exploited often, so it's a security liability.
Isn't anyone concerned that this is not the best solution to the problem? What's the difference between bugs in the AS VM and bugs in the JS VM? The JS VM is native code too, I don't see anyone rushing to replace it.
If the JS VM is more mature, then this is just a matter of getting the AS VM to that maturity level. If someone wrote clang while gcc existed for many years, why can't Mozilla focus their efforts on writing a better AS VM, instead of writing an emulation layer?
Given that both AS and JS are ECMAScripts, why can't AS be compiled in a way that allows it to run on the JS VMs?
If the bytecode generated by the AS compiler doesn't match what a JS VM can execute, then, since the AS bytecode will necessarily mimic features available in the language (and the languages are similar), why can't we translate the AS bytecode into JS bytecode?
Also I guess Mozilla would rather trust themselves with security than a third party with a pretty bad track record in that department.
The biggest advantage of Flash is that Flashblock fairly reliably turns it off, so that ads that use Flash for animation don't get a chance to run.
In the absence of Flash, I worry about gobs of marketing JS animating pages with fewer generic ways of turning them off.
I guess you need Flash installed to make Shumway work ?