PPRuNe Forums - View Single Post - ActiveX Controls - Yes or No?
18th Mar 2005, 16:51
#8
Evo
 
Join Date: Sep 2002
Location: Chichester, UK
Posts: 1,650
I still don't really understand why you need to give a web browser the ability to install software or format a hard drive.
You don't. My memory is a bit vague, but ISTR that when it needed something to fight Java with, Microsoft added some internet functionality to the fairly awful OLE and morphed it into ActiveX. OLE had a reason to be able to access the operating system (it was used by Visual Basic) but ActiveX inherited it - and so ActiveX essentially is a Windows program run from a webpage; it can do anything a Windows program can do.

The real problem with ActiveX security is that there pretty much isn't any ActiveX security. It wasn't really necessary when it was OLE. There are two things you can do about that - one is to impose restrictions on what ActiveX can do (i.e. by turning it off) and the other is to sign ActiveX controls so you know they're trusted. Unfortunately code signing doesn't work too well - both because Windows can be told to autoexecute signed ActiveX controls regardless of who signed them, and also because just about anybody can get a certificate in any name they pick (for example, someone was recently issued a certificate named as Microsoft Corp.). So the best thing to do is turn it off.

Incidentally, I found one example of a webpage that included a signed ActiveX control that would autoexecute and shut down Win95, so you can do some annoying things with it.
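An added example, not part of the post above: a PowerShell audit of the Internet zone (zone 3) ActiveX settings, showing whether signed controls install without a prompt and whether ActiveX is turned off. The function name `Get-ActiveXZoneAudit` and the Risk/Review/OK labels are assumptions made for this example; the URL action numbers and values are the standard Internet Explorer zone settings.

```powershell
# Added example: report the ActiveX URL actions for the Internet zone (zone 3).
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}
# DWORD values used by the zone settings.
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 65536 = 'Administrator approved' }
# Machine policy, user policy, then the per-user setting.
$zonePaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

function Get-ActiveXZoneAudit {
    param([string[]]$Path = $zonePaths)
    foreach ($p in $Path) {
        if (-not (Test-Path -Path $p)) { continue }   # key absent: nothing configured here
        $key = Get-ItemProperty -Path $p
        foreach ($id in $actions.Keys) {
            $raw = $key.$id
            if ($null -eq $raw) {
                $setting = 'Not set'; $status = 'Default'
            } else {
                $setting = $meaning[[int]$raw]
                if (-not $setting) { $setting = "Unknown ($raw)" }
                # Enable = control runs with no prompt, whoever signed it.
                $status = switch ([int]$raw) {
                    3       { 'OK' }
                    0       { 'Risk' }
                    default { 'Review' }
                }
            }
            [pscustomobject]@{
                Key     = $p
                Action  = $id
                Name    = $actions[$id]
                Setting = $setting
                Status  = $status
            }
        }
    }
}

Get-ActiveXZoneAudit | Format-Table Action, Name, Setting, Status, Key -AutoSize
```

A `Risk` row for action 1001 is the "autoexecute signed controls" case described in the post; all five actions reading `Disable` corresponds to turning ActiveX off for the Internet zone.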