There's "sandboxes" and then there's sandboxes. Native Client uses the latter while ActiveX had barely the former.
It does present a real concern and exposing additional APIs is going to always present increased security risk. That said, having looked a bit at Native Client's sandbox and having examined the findings of the well-respected security researchers who examined the sandbox protections, Google's taking a pretty good whack at it and their sandbox itself is fairly sound.
My worry is not with their sandbox, but the additional APIs that they expose with it. (See also: WebGL which now throws your entire GL stack into your web browser as security critical code.)
http://en.wikipedia.org/wiki/Google_Native_Client
It seems to be sandboxed, whereas ActiveX is a security nightmare.