"Unless it is absolutely necessary to run Java in web browsers, disable it" advises US Dept of Homeland Security
Read more at Sophos

Quote:
For anyone who is in any doubt, the US Department of Homeland Security's CERT team has spelled it out in black and white.
Well, when I selected the text in US-CERT's Java security advisory for the purposes of taking a screen-grab, it turned out white on blue... but you get the idea: