Nothing in life is completely secure; Java is no exception. Several specific security problems have been discovered and fixed since Java was first released. If you're using an up-to-date Web browser, you are usually safe against the known attacks. However, nobody is safe against attacks that haven't been discovered yet.
If somebody says Java is safe because "hackers aren't smart enough to exploit the problems,'' don't believe them. We're disappointed that some people who should know better are still spouting this nonsense. We've discovered several security problems, and we're pretty sure we're not the smartest people in the world. If one group of hackers creates a Java-based attack and shares it with their friends, we're all in trouble.
There are two classes of security problems: nuisances and security breaches. A nuisance attack merely prevents you from getting your work done - for example it may cause your computer to crash. Security breaches are more serious: your files could be deleted, your private data could be read, or a virus could infect your machine.
If you are the victim of a security breach, any data stored on your machine may be read or corrupted by a bad guy. If you've got important company secrets on your computer, maybe you should surf the net on another machine.
In the not-too-distant future, your computer may be able to digitally sign documents that are legally binding, just like your paper signature. Your computer may also be able to spend your money. In a world like that, security becomes even more important than it is right now.
So far, there have been no publicly reported, confirmed cases of security breaches involving Java, though there have been some suspicious events that might possibly have involved Java security problems. Of course, the lack of reported cases is no guarantee that there haven't been breaches that either weren't discovered or weren't reported. But it does indicate that breaches are rare.
You're at risk if you're running a Java-enabled browser and you visit a Web page written by a person you don't know or don't trust. Since the two most common browsers, Netscape Navigator and Microsoft Internet Explorer, are Java-enabled, most people surfing the Web are at risk.
You can reduce the damage caused by a potential security breach by taking common-sense precautions like backing up your data frequently and keeping sensitive data off your Web-surfing machine.