I don't have a preference for Flash over HTML 5 or of HTML 5 over Flash. But, having worked in a few high security gateways and other security areas I do have a very strong fear of the various vulnerabilities in Flash and the many ways it can be used to slip in all sorts of malware and other code. Like a lot of secure business areas, my personal systems are set NOT to run Flash until AFTER the whole code has been checked out by the AV software and I've given it a personal 'go ahead.' This even relates to those lovely little Flash greeting cards everyone else sends around. Some of you would be surprised, and some wouldn't, about the number of times my AV gives back a message that the Flash file code can not be properly scanned or it has some suspected nasty in it.
The end result is I rarely run anything using Flash at all, and the quickest way to get me to exit a web site is to have it heavy with fancy Flash graphics to make it look 'nice' and give me a headache - I even do that when access a site from another's machine. Too much Flash or fancy BS and I'm gone and taking my business to another site.
I suspect the security concerns will be an ongoing issue with Flash unless they make it a fully open source project and hand over all the code - something I doubt will happen.
Keep Up with TechRepublic