[zeveb]

I'm actually a bit conflicted about this. The nice thing about Flash-based media is that one can disable JavaScript (thus increasing one's privacy) and then enable Flash only to view a particular video (e.g. on Amazon Play); with JavaScript and HTML5, one generally has to enable JavaScript for the entire domain rather than a single video on a single page.

Why would one want to disable JavaScript in the first place? Privacy & security: why enable a site to execute random code on one's own machine when all one wants to do is read some content?

[deelowe]

Flash has had vulerabilities and executes arbitrary code as well... What's the difference?

At least with javascript, there's only one attack vector (the browser itself). Flash requires a plugin to work properly.

[zeveb]

> Flash has had vulerabilities and executes arbitrary code as well... What's the difference?

It sure has! But it's nice to expose oneself to vulnerabilities only when absolutely necessary (e.g. to view a single video), rather than for every page currently loaded for a site.

[TeMPOraL]

> Why would one want to disable JavaScript in the first place? Privacy & security: why enable a site to execute random code on one's own machine when all one wants to do is read some content?

There are many reasons. Another is this: on most webpages (i.e. places you go to read text and maybe images and some videos; as opposed to web applications), JavaScript is an unnecessary waste of processing power, that only makes it harder for you to read in peace. It doesn't add value for user, so there's no reason to have it running in your browser.