The biggest flaw in C++ is that its standard is designed-by-committee, in my opinion. Which is why I'm having big expectations for D (being developed by, basically, two people) once it matures a bit.
While "committee" sounds like a great thing, it almost always isn't (look at OpenGL/Khronos for more real-life examples). Design by committee means that although 99.95% of everything that needs to be done is already well-known from the beginning, a lot of people talk for months/years about the remaining 0.05% only so everybody is happy and everybody has the feeling of having had his opinion heard.
What comes out in the end is either bloated and contains a lot of crap that nobody needs, or it misses the points that were already known before the discussion started because some detail was overlooked while discussion about nonsense. Or both.
C++0x took forever to get agreed upon, and then it needed another release to fix the defects so it was kind-of usable.
Meanwhile, the library is full of stuff that at most a handful of people will ever need (and I bet the vast majority of people need to look into the reference regularly because it's so overwhelmingly complex), or stuff that people actually do need but use existing third-party libraries or own implementations because the standard failed to provide something for decades, and what the standard provides now sucks.
I'm a big C++ fanboi, always been... but what I see now is a language that has regex built-in (but any program I write, no matter how trivial, that uses regex crashes with GCC!?!!), it has threading built-in (seriously, wrapping POSIX, guys, what the... no, I'm not going to start on that one!), there's proposals to add big integer and statistic libs and graphic libraries and whatnot... but...
...at the same time, I still cannot even do such a trivial thing as determine how many enumerators an enum contains.
Heck, I'm not asking for a fully-fledged introspection/reflection system. The latter wouldn't work well with C++ anyway. But I think it's not asked too much to be able to query what's already known at compiletime anyway, or what can be done at compile-time. The compiler has this information readily available, yet there is no way of getting to it.
You cannot even find out a type's name (or the current function's name) -- not if you want to do anything useful with it anyway, since the format isn't specified, and whatever the compiler tells you is not a compiletime constant either (you'd think that a function's name or a type name like int or struct foo is darn constant, but it's not). So yeah, you can of course use RTTI, which of course only bloats your executable by a few hundred kilobytes and isn't compiletime-constant either (and the typeid hash isn't even invariant to different invocations of the same executable, which is truly awesome).
There's no way of using a fixed-sized integer or size_t without including a C header first because the committee is afraid to add another keyword. At the same times, keywords are added that are utterly useless 99% of the time. wchar_t deserves being a keyword, but size_t and ptrdiff_t do not. Dude, WTF? At the same time, you are to use them. char16_t and char32_t deserve being keywords, but int16_t and int32_t do not. Guess what, I'm just typing unsigned int when I should be typing size_t. And when someone tells me that this isn't portable -- which happens about once every other week -- my answer is "oh you know what, fuck you".
And then of course, there is that whole load of other C legacy, and pre-C++0x legacy. A lot of WTF features (including the ones in the previous paragraph) exist based on the premise that changes must not break existing code and that it is soooo much easier to fix a header. But some the changes that are in the newer revisions of the standards are so fundamental that they break existing code anyway, so that's hardly an argument. Also, it is ever so often stressed that C++ is not C, but still C++ retains some thing "because C does it". And of course, because one person in the committee will complain if their (probably non-standards-compliant) code will not compile with the newer standard. Which wouldn't work anyway because the 25 year old architecture on which that code is to compile doesn't support the standard anyway for another reason.