Hi, Hank.
>Assuming that the major players who design Silverlight, Flash, and Javascript (Ajax, anyone?) sandboxes read the Universal Thread <g>, my hope (which I doubt will be fulfilled) would be that an open standard would be created for sandboxes. True, it makes it easier for the hackers to know what to attack; but since that's going to happen anyway, having it transparent and open to testing is what is needed to make these things work.
Actually, the sandbox in all those is mostly the same: it is the browser itself. :)
I agree with you that there is no need to invent anything else. The problem with things like ActiveX is that they extend beyond the browser and into the underlying OS. Thus, ActiveX only works in Windows...
Regards,