So accordingly, ActiveX was a brilliant idea and any web page should be able to execute code in the kernel context, otherwise no meaningful functionality can be provided

The whole problem with wayland is this mistaken absurd belief that the security standards of a desktop are equivalent to those of a website.