Well, according to The U.S. Department of Homeland Security, really not very secure at all! Reuters has reported that Homeland Security is advising "Unless it is absolutely necessary to run Java in web browsers, disable it." This may come as a surprise to you if like most of us Java is routinely enabled in your browser. Moreover, it seems that this isn't a new problem caused by a new version of Java - Reuters quotes Charlie Miller, a computer engineer with Twitter who has previously worked as a security consultant to Fortune 500 firms and as an analyst with the National Security Agency. "It's not like Java got insecure all of a sudden. It's been insecure for years."
If you want to disable Java in your browser consult your browser's help information.
[Thanks to my colleague Clarke Thomborson for pointing this story out to me.]