Security flaws are often just simple errors like a single line of code out of potentially millions of lines of code. Browsers have them too. Safari has had them:
Firefox's critical vulnerabilities are listed here in red:
Flash ideally shouldn't be as complex as it is (it contains an entire virtual machine for actionscript code) but it needed to be for as long as browsers couldn't handle rich media, which was far longer than necessary.
GIFs are used quite a lot online but they are very inefficient and limited to 256 colors. Before Flash, advertisers put bandwidth-hogging GIFs everywhere. Flash offered full color, vectors, audio and interactivity and it wasn't Adobe that started this, it was Macromedia, Adobe just bought them.
Now we're at a point where Flash is almost unnecessary and looking back, it's clear to see it shouldn't have been as widely used as it was. The one important thing it offered creative publishers as far as most consumers were concerned was DRM video streaming. It also offered animated vectors.
While most people don't experience animated vector content during browsing, it allowed the Zynga founders to create a billion dollar online gaming franchise. This can probably be done in HTML 5 now but they still need to protect code and assets and the people making the most advanced HTML 5 IDE is the same company with the Flash IDE - Adobe.