I have no problems with Active X and actually think it's been a boon to the computer world. Just because something has been attacked a lot doesn't mean it's bad. It could mean it's good and very widely used so becomes a target.
So good and widely used that 40-50% of browsers in use in some markets don;t even support it.
It was very useful for in-house business systems, which is why the British government for one is still stuck with IE6 because they can't afford to replace the in-house systems. For this reason, IE6 is still around and holding up the development of the web.
ActiveX was attacked a lot because it had zero security and allowed 100% access to the host computer- yes, it really was that naive, but remember this is a company that shipped an operating system without a firewall. The attitude was "sure, have complete access to the system, see what you can do." Of course it turned out that that attitude meant their systems were getting pwned and they rapidly had to start thinking about adding security. Even after that security was in place, ActiveX flaws allowed computers to be compromised.
In short, it was bad, it's better now (in that its security, although not 100%, at least is much tighter than it used to be), but it's not widely used on the web any more (who can afford to turn away 40% of visitors?), and some of the institutions who have used it
regret it.