The Flash API surface does not include direct host access the way the native application API surface does. That means that while identifying native apps doing "bad things" requires solving the halting problem (and moral philosophy), any ability of Flash applets to do "bad things" is an unambiguous bug. Sure, without a sandbox those bugs are easy to exploit when they exist, but they can nonetheless be fixed.
I wouldn't trust Flash from 2005 against NSO Group from 2020, but I'd certainly trust it against the author of the Melissa virus.
Another way of putting this is that there are two senses of "sandboxed" - one is having a limited API surface and one is using software fault isolation techniques on the interpreter/runtime itself. Flash (and JS) always had the former, even though the latter is fairly recent.
Another way of putting this is that there are two senses of "sandboxed" - one is having a limited API surface and one is using software fault isolation techniques on the interpreter/runtime itself. Flash (and JS) always had the former, even though the latter is fairly recent.