Javascript is the automation language underlaying HTML5 and critical to the function of virtually all e-commerce shopping carts, and many sites will not load or work correctly (ie. YouTube) if Javascript is deactivated. I suppose it is could be possible to use Javascript in an exploit, but no one is suggesting disabling it unless you are dealing with information the exposure of which could cause grave harm to the security of the nation (in other words military Top Secret) — or the corporate equivalent.
Java (with no script) is a full blown software development language that has been found to have vulnerabilities subject to exploitation. Today It is mostly confined to on-line gaming, specialized corporate applications, and some multi-platform open source applications such as OpenOffice. Even better, the vulnerabilities no longer exist in today's version of Java and it is as safe to use as any app or language. But like MacOS itself it is critical to keep Java up to date to maintain security.
