Here is a great article of a programmer (Brian Hook) who was testing Active X and how secure it is. I have to agree, I created an active X object a while back and found that there were some inconsistencies from what I thought it would do vs what it could do.
http://bookofhook.com/phpBB/viewtopic.php?t=387
He brings out a good point. The quantity of machines out there, that are connected to broadband and have some type of spyware or software loaded on them is very high. With some simple code you can then install some type of program that will make that machine a Zombie (Definition). Some people stand to make some money if they drive traffic to their site with banner ads. All it would take is someone to drive traffic to a site with some high paying banner ads and these zombie machines can be turned into a profit center. I have not heard too much of this being done, but what is to stop people from doing this?