Re: The next decade...
As far as I can see, the most common security holes over the last decade have been phishing attacks and actual holes-by-design in the matrix of permissions (who gets to write to what). The former is, of course, a particularly pernicious case of the latter, because the end-user generally insists on having far more privilege than they need and then grant that privilege to almost everything they run.
Your advice on portability applies equally to C or C++, languages which have been ported for far more platforms over the years than Java.
RAD in the sense of iterative design requirements gathering makes sense. Applying it later in the process simply makes it easy for management to undermine the assumptions that made earlier design decisions safe. Work out what you want to build and then build it. In that order.
The simple fact is that you can write secure portable code in almost any language. People just don't, and the use of a particular language will not magically change people.
Biting the hand that feeds IT
