As a heavily invested Java programmer, I see dark clouds on the Java horizon. Is seems like Java has entered the center stage for security bloopers on the web these days, and rightly so. Any web-friendly technology that gains the unwanted interest from cyber-criminals, will suffer the consequences of bad press. The last poster child for bad security press was Microsoft, which seems to have learned it's lesson, if we accept the security press and advisers take on it.
Every technology have weak spots, security vulnerabilities are probably the worst to handle. Regardless good intentions and efforts of the industry backing the technology in focus, the only solution is to fix it, or discontinue web-support altogether. Oracle have in my opinion done the Java community a big disservice by doing neither. They continue to prove security advisers right, by really bad press handling and slow and meager progress on patching known security vulnerabilities. Does Oracle believe in Java Applets any more? I don't think so, and I agree with them. According to trends.builtwith.com, Java Applets are only used by 0.1% of the 10K most visited and most well known websites on the web (0.28% for top 1M). Compared with the competition, the similarly outdated technology Flash (7.5% on 10K, 10.9% on 1M), these numbers speaks for them selves. Java Applets are dead, and are dragging the rest of Java community down the drain with it.
I deeply sympathize with all the applet users out there, which are deeply invested in Java Applets, but it is time to let it go. You are killing Java by forcing Oracle to continue supporting an insecure and really outdated technology. There are good alternatives, even Java-based ones, that replace almost all of Java's Applet functionality.
And Oracle, please discontinue Java Applets! Don't kill Java for a meager 0.1% market share!