This is a reliability measure, not a security measure. The process that plugins run with is not sandboxed and runs with ambient authority. It can read every file in the user's home directory and can open arbitrary network connections. If Flash crashes, then it won't crash Firefox (which is a good thing), but if Flash is compromised then it's exactly the same as if Firefox were compromised. In contrast, if Flash is compromised in Safari or Chrome, the attacker has access to a process running with very restricted privileges and an IPC channel to the browser. To do anything useful, the attacker must use the IPC channel to compromise the sandboxed renderer process, then do the same thing again (though likely with a different vulnerability) to compromise the main browser process (the one that runs with ambient authority). You need, at a minimum, three exploits: one in Flash and two in the browser, to get from a malicious Flash app to a user-level compromise in Chrome or Safari. With Firefox, you need just the first one to do the same amount of damage.