The other side of the story
So I guess it's no big deal that most of the popular browsers have had recent critical security exploits:
http://www.theregister.co.uk/2013/03/05/google_chrome_pre_pwn2own_update/
or that Windows is still riddled with security exploits:
http://mobile.theverge.com/2013/2/13/3983846/googlers-found-over-50-percent-of-the-bugs-in-microsofts-massive-update
It is my opinion that Java/JavaFX kicks HTML5's butt when it comes to performance, capability and maintainability:
http://download.oracle.com/otndocs/products/javafx/2.2/samples/Ensemble/index.html
http://jfxtras.org/resources/java/Ensemble.jnlp
http://goworldwind.org/demos/
(Of course, many of you won't be able to see these demos since you have been manipulated into disabling Java.)
The truth is that any software that is exposed to the network may have a critical security vulnerability. Every time that software is touched, another vulnerability may be exposed. (Remember how a simple buffer overrun exploit was used in the Unix "finger" program to bring down the internet in the '80s?)
At least Java was designed for security from the beginning and has more of a chance of being secure than most other networked applications. Java 7 was a big change from Java 6 and will have some short-term hiccups. The nice thing about Java is that it is open source, so the vulnerabilities will be discovered quickly as thousands of hackers, developers and security firms probe through the source code. (I.e., Java doesn't rely on security through obscurity.)