Either Apple's Anti-malware system does not work or the article is inaccurate and misleading. I suspect the latter to be the case.
There are three major Java implementation categories, each with its own characteristics and limitations…
applications — stand alone programs that run on the computer such as NeoOffice
applets — that run only within a browser and are not at all the same thing as javascript
Servlets — that run on a server to provide various functionalities
I have several Java applications on my Macs including OpenOffice, NeoOffice, MoneyDance, and others used to access specific devices. All of them are working perfectly and I am scrupulous about installing every update that comes along. Therefore, it would appear that although the referenced article is easily interpreted as applying to all three Java implementations the only ones effected by the OS X anti-malware system are applets. (Thank goodness, because it would take me literally hundreds of hours of work to reconstruct all my financial records to pay last year's taxes if Java were unilaterally cut off, not to mention all my documents that are in ODF format.)
As to alternaut's concern about Javascript insecurity goes that becomes an even more difficult problem to solve as each browser has its own unique implementation of ECMAScript. (Although Mozilla's JavaScript was the original both it and Microsoft's JScript are officially two of the many dialects encompassed by the the ECMAScript standard.) So a vulnerability may exist in the dialect, the standard or, perhaps even more likely, in the particular browser's implementation of the standard. I still run across the occasional web sites that only work if you are using a specific version of Internet Explorer or maybe a Mozilla browser.
If we knew what it was we were doing, it wouldn't be called research, would it?
