First the bad news...
ActiveX provides developers a way to download small executable objects that can be invoked directly on the user’s machine. ActiveX controls (OCXs) also allow rapid development of applications based on "reusable parts." Unlike Java, there is no inherent security model for ActiveX. OCXs are fully executable pieces of Windows code that have no restrictions placed on them once they reach the client machine, regardless of how they got there. This creates a potentially enormous hole for viruses to travel through as Web pages can cause the download and execution of an OCX with no interaction by the user.
Now the good news (sort of)...
To date, no known Java or ActiveX viruses or Trojan horses exist in the wild.
(Preceding from Dr. Solomon).
While it is extremely unlikely that a PPRuNe advertiser would introduce a virus or trojan this way, having ActiveX in an ad is (IMO) an unnecessary frill, like those bluddy sound effects. Which is why I asked if they had not been banned. Like I said, I'm not going to let them run but I can do without the extra "no" clicks.