Flash (and JavaScript) should be used as tools to enhance an existing web site, not replace it. If your web site is not accessible to a user who has neither Flash or JavaScript support then you are doing something very wrong.
It appears that there is a new Flash vulnerability that can take over your computer. Awesome.
So how does one protect themselves from such a thing? Well, you could install noscript. It’s a plugin that will disable JavaScript, Flash and other embedded objects from web sites until you explicitly set permissions to enable them for that web site. Noscript won’t save you from web sites that you’ve already set permissions for — so it’s not a catch-all, but it will save you from links to web sites you’re unsure about. And it has the nice side-effect of disabling any JavaScript-powered advertisements.
What this means for you, the web developer, is that it’s time to start assuming the first time people access your web site they will have Flash, JavaScript, etc. disabled. This means you need to make sure your site is still accessible even under those conditions. Otherwise the user will have no reason to trust your web site if he or she can’t access it in the first place. If they don’t trust it they’ll never (well, they SHOULD never) enable script and emedded objects to run from your domain. Thus you will lose customers.
HTML, CSS and text. That should be the core of every web site. Flash and embedded objects to enhance the site, but not to provide the only means to access your content.
That is unless you’re one of a few embedded object kind of web site, like YouTube. But for the majority of us, that won’t be the case. And even so, you can always provide download links to the videos if the user doesn’t have Flash enabled to view them from within your web page.
<strong>TL;DR: Web sites should be accessible even without JavaScript and Flash.</strong>