It is not that Pepper is limited to the performance of HTML5. Rather, Pepper is limited to the same security restrictions as HTML5. There is a compatible security model for NaCl and JS. That's what is different and unique about this plugin model (NaCl+Pepper), as compared to NPAPI or ActiveX.

Microsoft probably won't implement this exact feature, but due to a bug in IE, it is already possible for websites to implement something similar. I added a comment to my blog with details.