We studied doing this for Flash as well. Check out the user research study. We determined that the vast majority of users would merely be annoyed by making Flash click-to-play, and we wouldn't actually be improving security or performance for most users.
As noted in other comments here, you can mark Flash as click-to-activate yourself in the Firefox addons manager, or get more fine-grained control over which Flash actually runs by installing an addon like Adblock.
Our long-term strategy is to make it so that nobody needs to use plugins by adding new web APIs; to reimplement content like PDF and Flash in JS so that we can have control over the performance; and to use the mobile web as leverage to get new sites to use native HTML APIs like <video> to wean the world off of plugins.