Sure, maybe, but I think if it were FOSS'd back in ~2005, then these security issues could be addressed by a larger set of eyes, including the browser-makers themselves.

If this hypothetical universe happened, I think we'd have had something akin to WASM much earlier. Flash already had its own bytecode and VM, and even had something roughly like Emscripten [1] to compile existing C++ code to Flash.

[1] https://en.wikipedia.org/wiki/CrossBridge