Because letting your users risk getting rooted is worse than letting them take a risk on a beta release.

No, your security doesn't matter to them a bit. But a risky beta release can give them bad publicity.

Nobody gives a damn about your security but you. Especially not the proprietary software houses. FOSS, at least, usues their own systems, so they have a reason to worry about security.

Any way, this doesn't affect me (yet) because I'm using a different PDF reader (came with the distro) and haven't been able to get Flash working at all.

A disclaimer: I'm not in any way assosciated with Adobe but I do teach courses on Flash (among other subjects).

Flash is a much more complex system than many people realize. Lots of people (including lots of programmers) think of flash as only some small browser plugin that can be used for annoying banners and such. But really, flash is a large development enviroment (and rather interesting one at that). Object oriented programming language (ActionScript) is ran in a full scale virtual machine (complete with garbage collectors and the like) and can be used to view multimedia, manipulate files... It is in many ways a lot like Java. Of course, there are also many people who think of annoying browser applets when they hear "Java" but I doubt I even need to explain why they're silly.

There are three reasons why Flash has all the negative reputation that it has:

1) The ugly history. For example, switch from AS2 to AS3 meant massive speed improvements (Adobe claims that Flash got ten times faster. I might not sign that number... But it got a LOT faster). However, though it happened several years ago, geeks are rather slow to change their stereotypes on this kind of issues. There have been a lot of other improvements like that so Flash is quite different from what it was a decade (or even half a decade) ago.

2) It is used in ugly ways. We all know how annoying it is when websites have a dozen different flash elements (especially if you have 10 tabs open)... But is an issue with webmasters using their tools to create poor sites, not with the tools themselves. It could reasonably be argued that Adobe should give end user more control to protect them from the dickish developers (easier mute, etc.) but I don't think that even that is a given. People who program in C can create applications that are impossible to mute (except at OS level). People who program in Java can create applications that are impossible to mute (except at OS level). We don't say "C sucks" or "Java sucks" because of that, we say "The developer was an idiot. I'll just close this application, then.".

3) It is too easy to create (crappy) applications. I think that Java also suffers (or, at least used to suffer) from this. It is easy to create something that seems like it works, even though it is a horrible mess in the background. So... There are a lot of people who could never produce anything in more demanding languages (like C++) but can create something in Flash. Because of that, many people who create flash applications don't have any background in software engineering, computer science, etc. and that is reflected in the end result.

I consider flash to be where Java was some years ago. A decent concept and a decent virtual machine, though the API is still somewhat messy and too many people still assosciate it with slow and annoying browser applications. It might well be that Flash will die soon but I also wouldn't be shocked if Adobe would manage to conquer new areas and we would see a second era of Flash.

Most of us who are knowledgeable about programmatic structure, syntax, idiosyncracies, faults, and exploits advised Adobe, either formally and directly through communique or informally and indirectly through public message boards, to patch their vulnerabilities about fifteen years ago.

One ring to rule them all? Patch one bug and patch them all? For #$*@'s sakes... you people have more code-holes than Ivory [wikipedia.org] running 300 BAUD and a caller drop carrier with an immediate callback.

The only sane approach is to just assume (sane > CV_assume) that everything you do on modern day networks is compromised, intercepted, audited, and screened by someone with more money than you will ever even count.