The big one was security (or lack thereof) as attackers would abuse plug-ins through NPAPI. I remember a time when every month had new 0-days exploiting a vulnerability in Flash.
The second one in my opinion, is the desire to standardize features in the browser. For example, reading DRM-protected content required Silverlight, which wasn’t supported on Linux. Most interactive games and some websites required Flash which had terrible performance issues. So it felt natural to provide these features directly in the browser without lock-in.
Which leads to your second question: I don’t think we will ever see the return to NPAPI or something similar. The browser ecosystem is vibrant and the W3C is keen to standardize newly needed features. The first example that comes to mind is WebAuthn: it has been integrated directly in the browsers when 10 years ago it would have been supported through NPAPI.
There are multiple causes to its demise.
The big one was security (or lack thereof) as attackers would abuse plug-ins through NPAPI. I remember a time when every month had new 0-days exploiting a vulnerability in Flash.
The second one in my opinion, is the desire to standardize features in the browser. For example, reading DRM-protected content required Silverlight, which wasn’t supported on Linux. Most interactive games and some websites required Flash which had terrible performance issues. So it felt natural to provide these features directly in the browser without lock-in.
Which leads to your second question: I don’t think we will ever see the return to NPAPI or something similar. The browser ecosystem is vibrant and the W3C is keen to standardize newly needed features. The first example that comes to mind is WebAuthn: it has been integrated directly in the browsers when 10 years ago it would have been supported through NPAPI.