Comodo has long tried to find a compromise between security and usability - this is the reason why proactive has not been the default configuration.
Back in version 3, because proactive gave “too many” pop ups, the defaults were relaxed for non-experienced users, a very sensible decision.
However, now that the sandbox has been implemented, there is good reason for Comodo to change their default to proactive security, since defense pop-ups no longer feature anywhere near as much, and since that would seriously boost the protection level.
The fact that proactive needs to be enabled for better security should be advertised by Comodo much stronger (in my opinion), to the extent that either it should be the default config, or there should be big visible stickies on the forums / help files advocating it.
About 50% of all complaints posted on these forums about leak testing are due to users not realising they need to switch to proactive mode for full protection.