Admittedly I can't think of a way to answer this question, but I wonder how likely it is for a Flash exploit to be included as part of a Flash clip that a user actually wants to view.
AFAIK, I would expect the most likely sources of exploits to be a) adverts or b) phishing sites.
If I'm correct, then NoScript would probably provide better protection than anything else out there (assuming the user hasn't done something stupid like "enable JS globally" or, if there is such an option, "enable non-third party JS globally). Alternatively, the "Ask to activate" plug-in feature would also provide better protection than say Chrome sandboxing.
PS - I realise that in the case of the "phishing site" scenario I mentioned, a user might well get duped into loading dodgy JS / plug-in exploits, but it's (NoScript/Ask to Activate) still an additional hurdle for malware designers to overcome.