Using Flash is a "big deal" because it puts Flash within Avast's security perimeter. Consider that Avast must run with administrative privileges, which means, in turn, that Flash embedded within an Avast application also runs with administrative privileges [1]. Thus, an attacker probably can use an exploitable Flash bug to gain administrative privileges.
Also, since Flash is (by default) a network-enabled application, using it within Avast increases the likelihood that a network-based attack will penetrate Flash and, by extension, Avast.
Finally, good security practice dictates minimizing the amount of privileged code.
[1] Unless Avast uses special techniques to run it in a nonprivileged context. Developers: does it?