The Mozilla Foundation, Opera Software and Apple Computer--all browser makers--said on Wednesday that they have teamed up with plug-in vendors Sun Microsystems, Adobe Systems and Macromedia to revise the way plug-ins run in non-Microsoft browsers.
Ultimately, plug-in depends on trust and it has long been proven that you can't trust a plug-in.
"Plug-in" and "ActiveX" are not synonymous.
When Microsoft replaced the Netscape JVI (Java Runtime Interface) in IE 5.5 SP2 and IE 6.0 with the ActiveX Java/COM Interface (instead of the proposed Java Native Interface) security went the MS way (can you say "swiss cheese"?):
advanced garbage collection algorithmns are (almost) impossible to include. (sounds like Windows clutter, doesn't it?)
native code has access to public methods and fields.
inability to access private fields.
inability to raise general exceptions.
unable to deal with overloaded methods.
case insensitive in matching method names.
all classes and all low-level native methods treated as software components.
So we are returning to "plug-ins" and leaving "ActiveX". About time. Stated goals are great. Hope they turn out as good.