Flash is almost as big of a security problem as Java applets were, and it's only not as big now because most browsers have started putting Flash in a sandbox.
You straight up don't know what you are talking about. Every browser development team wants flash to die because of the security risks, performance, stability, and usability problems it induces.
The reason the flash market has been shrinking is because browser vendors, starting with Apple have been moving towards deprecating Flash for many years because of these reasons.
And yes, the web has deeply ingrained security problems, but so has every single platform for downloading and executing untrusted code. At least most of the major players are now actively engaged in standardizing and improving the security of the web as opposed to a single company with a fairly atrocious record on application security (Adobe).