I hope that is the case. The fewer plug-ins, the better. Right now, if I wanted to watch a video on a web page, it may be in HTML5, it might be HTML+DRM, it may be in Quicktime, it might be in Silverlight, Java, RealAudio, or of course, Flash.
Even if we dispensed with all the plugins and the world magically ran on standards built in all browsers, there are always still security issues. Especially if they give any website it touches full access to hardware, which means it has the option of reflashing firmware or other nefarious tasks. All malware needs is a user context, or just the web browser's context (so it can use the browser for keylogging info in all windows.)
Browsers have to have more thought about security than even firewalls, because they have to deal thoroughly with untrusted, if not hostile code that can try to do anything (jam the CPU, spam dialogs.) The browser in itself really can't do it. It really needs help from the OS for separation, either via policies like SELinux or IE's Low context, or be placed in a sandbox or VM where all writes are virtualized safely away from the rest of the machine.