Most of the non-technical people I know use the browser that came with their computer and never give it a second thought. I, like many longtime Windows users, started out with Mosaic, moved to Netscape, and then moved to on to Internet Explorer. Unlike many of my coworkers, IE has stayed my primary browser. I have tried most of the other browsers out there, but so far I have always come back to IE.
One of the reasons I stick with IE are the many Web applications I use that rely on ActiveX controls. ActiveX has a bad reputation as a security risk because ActiveX controls are full blown Windows programs running in the context of the Web page. In truth, they are no more (or less) of a security risk than any software you download and run on your computer, be it shareware, freeware, or commercial software. The only real ActiveX related flaw in IE was making it too easy to install and run ActiveX controls without educating users.
Personally I look at each ActiveX control as an individual browser plug-in like Macromedia’s Flash Player. (As a matter of fact, many IE plug-ins are written as ActiveX controls.) Just as you would not download and run games or even browser plug-ins from an unknown site, you should not run ActiveX controls from sites you don’t trust. Unlike Java Applets, ActiveX controls do not run in a restricted sandbox. This allows ActiveX controls to do some great things that cannot be done with a Java Applet, but it would also allow a malicious ActiveX control to do more damage. Does that mean that ActiveX support needs to be pulled from IE? Certainly not. XP with SP2 gives IE all the tools we need to make sure we only run ActiveX controls from sites we trust.