You’re also not blocked from those sites, not on the list, just Flash won’t work unless it’s on the list and in most cases it will try to run the site under a alternative like HTML5 if available.

Mind Windows is pretty much the most used OS with over 85% of the PC market and as such it gets the most attacks from Malware makers.

So they have to take security more seriously than other OS makers who don’t have to worry as much about that intensity of attacks.

Android for example has started to become really used by a large percentage and consequently the number of malware made for it has increased, in Q1 of this year it went up 61% and the by Q3 it had tripled. Showing a rapid ramping up as malware makers started to focus more on it but that still pales in comparison to the enormous number of malware created for Windows continuously.

Mind, RT is mainly for general users who by and large aren’t going to be that aware of what dangers there are online.

They’re also trying to emphasize more energy efficient browsing and opting for HTML5 when possible.

But like I said, for those who still want control, there’s both the hack and the desktop browser and one of the reasons to get the full Windows 8/Pro instead of RT as legacy support also means support of the old rules as well as the new for those who really want control.

So as a compromise they allow Flash for sites known to be safe…

This mainly is only a issue for RT and the Modern UI in general, since it doesn’t allow Plug-Ins but the desktop works as before. So for full W8/Pro you can just use any browser with the Flash plug-in player as you would have before…

Hack is just for those who want more control over what sites are included in the list, but take the risk of exposing themselves to malware if they accept a compromised site.