Yeah but that's because Mozilla loves javascript and NaCl provides a working alternative.

How is NaCl not just "Google's version of ActiveX"

Here's an overview:

http://static.googleusercontent.com/media/research.google.co...

NaCl runs in a sandbox

it's secure and open source.

Nothing is "secure".

It's more secure than JavaScript, which is a start. Dropping the need for just-in-time compilation while gaining performance is nice.

When has JavaScript itself (and not the APIs, unless it's a JS-specific problem) last enabled an exploit in a major browser? I can't remember it.

Meanwhile, here's a NaCl sandbox escape exploit from March: https://www.exploit-db.com/exploits/36311/