The majority of the security vulnerabilities introduced by ActiveX actually had nothing to do with a prompt. Most attacks were javascript in an html page scripting a well-intentioned ActiveX control that unintentionally exposed a security hole. “ClickOnce” applications can not be scripted against & do not have the same risk of re-purposing that ActiveX controls do. In addition, the ActiveX security prompt has been re-worked in Windows XP SP2 to more user friendly. The “ClickOnce” security prompt follows that model.