Microsoft thought ActiveX was a good idea because they built Internet Explorer out of OLE and COM. Everything in that era of Windows was built to be embeddable and composable - "compound documents" being the original design goal. If you needed to stick, say, a video into a web page, COM/OLE was the obvious way to do that on Windows in 1996. It's not any different from, say, early Firefox extensions being built out of XUL - in fact, I recall XUL extensions for Firefox that would literally add ActiveX support back in. It wasn't until Chrome came along that extensions didn't get to muck about with browser internals.
You can exploit in both native and browser contexts. Most jailbreaks nowadays are assisted by a native application that you dev-sign to deliberately pwn yourself with. In the past we had websites that you could use to jailbreak. Both are sandboxed environments with significant attackable surface area, so one is not necessarily more trustworthy than the other purely on measures of exploitability.