Security has also gone unchanged. Unlike the steady improvements in functionality and presentation, security is elusive. A consensus opinion may be that attempts to turn a web browser into an operating system was an unsound idea. Outsized ambitions in web development both, in the making of web applications and the execution of browser interfaces in web browsers, may run counter to greater security.
Vulnerability is natural. Exploit conditions is inherent to progress in technology. I am sure there is great advice available on how to make progress while lowering exploits. I have seen some of that advice in the form of CERT recommendations and OWASP guidance but it does seem limited in effect. Certainly half a million dollars in rewards to those who have proved the existence of security flaws is a great mitigation accelerant.
Good ideas are out there. I even read advice on the same article that compiling an open source browser like Firefox with custom C++ flags would make it harder for attackers since the code signature of the browser would be unique to some of the malware. Brilliant suggestion. Meanwhile, it is not broadly applicable. Perhaps it will be another ten years before the technology catches up to security wisdom. I am optimistic that it will.