[iso-8859-1]

Java removed certain classes of errors (memory management). It introduced other (providing an insecure sandbox for applets).

[wolf550e]

I think code execution by insecure deserialization is the big Java security problem now, though I'm neither a security guy nor a Java guy.

[lmm]

It's not like C applets are safer.

[PeCaN]

If we consider NaCl to be "C applets"... yes, it actually is safer.