It depends.
"I've been doing some ActiveX coding on the side for a couple days, stuff I'm not familiar with, and I'm just flat out _appalled_ at how bad that entire API and design is. I can make an OCX that basically formats your hard drive, stick it on a Web page with a tag, and if your security settings are set low enough, you'll start formatting your hard drive the minute you visit my Web page."
Sounds bad, huh? And yes, from a developer point of view it smells pretty bad. I don't think Microsoft thought too hard about things when they designed it, and it's often claimed that it was a quick and dirty hack to compete with Java and Netscape at a time when Microsoft were losing the browser war.
But the key point there is the caveat _if your security settings are set low enough_. An OCX can do pretty much anything that a conventional application can do - _if the user allows it_. By default ActiveX is limited (although it has a history of security flaws that break through some of the limitations) but with XP/SP2 it's fairly well locked down unless you decide otherwise. You can give it greater access if you must, and that offers some scary possibilities - including, ultimately, the chance for a webpage to format your hard disk - but is that really any different from logging on with administrator access (as most XP users will) and double-clicking an application that you've just downloaded (Kazaa, for example)? By double-clicking you've just given the application permission to do what the hell it likes to your system.
Me? I turn it off completely. If a website requires me to use ActiveX, I'll go elsewhere.