With a foam bat. Just because the flash horse is dead doesn't mean it didn't deserve it's beating or can't continue to be a potent reminder of how bad Adobe was at handling security issues and why other platforms, like Steam, should learn instead of emulate.
This also has nothing to do with Flash specifically, rather as you said Adobe's policy. It could have been any software but especially for Flash.
Flash was just such a unique special target, ala PDFs and Microsoft word, there were few wide open targets from which a hacker could predictably get the user to open (whether embedded or not) on a targets machine. So it was particularly sensitive to vulnerabilities by design, where a much broader security perspective was clearly needed than most software.
I'd prefer to describe it as slashing a dead horse's rotten corpse with a katana. As the bloat and flesh of the ecosystem has disintegrated we're able to observe the framework more clearly - the bone structure of the horse, if you will. Using the katana we are making precise, incisive blows to the remnants as we extract meaning from it's corpse - or lessons learned, if you will.
With a foam bat. Just because the flash horse is dead doesn't mean it didn't deserve it's beating or can't continue to be a potent reminder of how bad Adobe was at handling security issues and why other platforms, like Steam, should learn instead of emulate.