HTML5 is still under initial development. Flash has been around for years. Of course, Flash is the more mature technology. The point of HTML5 is to develop an open standard alternative with comparable functionality (including security). That isn't going to happen over night, and, as with any product, it will take some time to stabilize, mature, and become secure.
The reason HTML5 is important is the open standard aspect of it. Flash is ubiquitous on the web, but we are all at the mercy of a company and their proprietary technology. Believe me when I say that this is a huge risk, because I work full-time on a product that uses Flash as its core technology (www.smilebox.com). When the Flash 10.1 minor revision came out, it broke out product--HARD. And we had no choice but to deal with it and quickly because Adobe pushes hard on the update path in browsers. What resulted was a costly scramble to identify bugs, many of them in the 10.1 player, and adjust our product for the new API.
Mind you, this was in a minor revision, but I can tell you the changes and impact were huge and sudden. That. Really. Sucks. So an open-standard with more transparency is a valuable alternative. And that's where the real face-off is between the two alternatives.