It's difficult to tell, though, whether you can trust the site: the MacDefender Trojan spread through vulnerabilities in sites whose owners were trustworthy, but their sites had been compromised.
Java isn't that widely used on the web anymore, and you will probably know if a site will require Java, so you'll be prepared to allow it. If Java spontaneously pops up when you're not expecting it, you'll generally want to deny it. It's more a question of whether you trust the site and you legitimately expect it to use Java at that point rather than simply whether you trust it in general.