True, you can do similar things with Java but, as you said, ActiveX has a terrible security track record. The formatting hard drive point is a very extreme example. Hackers have found it relatively easy to use security holes to install all kinds of junk on to Windows PCs. Until the recent XP patches, IE was quite happy to just install a plugin without notifying the user under the default security settings.
I still don't really understand why you need to give a web browser the ability to install software or format a hard drive. Sure it can be convenient, but downloading and installing plugins manually doesn't take much time at all. And you only need to do it once when you install the web browser.
Microsoft has had some good ideas. They just have trouble with implementing them.