Personally, after seeing just how many exploits come in through java I don't think it's wise to even have this hook enabled; it's another attack vector that exists and it's better in my opinion to just not enable it at all.
And, it's not just the number of exploits. It's the nature of the exploits. They're usually very reliable, and often don't even rely on accidental corruption so much as "features that accidentally expose all of runtime memory to the Java sandbox".
Java was iffy in 1998 when it was just the applet sandbox and a graphics context. But today, OS vendors have bridged Java into all sorts of systems code. It's a debacle. Just don't enable it.
Yep, no flash plugin, no silverlight, and no java plugin on my macs. Java is disabled and only used on chrome if I need to use it. Which has been once in a year, and only to get results for the bufferbloat project. So basically, not all that useful outside of clojure/jruby/etc...
