I may not have been particularly clear enough about what I meant with Java security vulnerabilities. Java applets run outside the protection of the browser's "sandbox" environment which will give any and all applets access to your entire hard drive. This is something that is not exactly a "flaw" of the design but can and will always be exploited to steal something. Be it your contacts list (which is openly available if you have access to the hard drive), message archives, configuration files, personal settings, bookmarks (which can lead to easily finding personal information). Java applets in themselves are dangerous ground and should never be trusted from sources that you don't know with or without a common or recently discovered "exploit".
With that, Simon you are right, this is all mentioning the latest of the security vulnerabilities and to those who understand what the real message is yes we can turn it back on later once the solution has been installed. To the general public, it is my opinion that they will turn it off and never turn it back on (it's not like any sites they use require it, there's no need to turn it back on for the next potential security risk).
Yes I understand those with higher knowledge of the internet, browsers, computer security and what not CAN contradict what I'm saying but I'm not talking about you. I'm talking more so about the masses, those people who know how to get to a web page and have no clue how it works. Those people account for the greater majority of the world and trying to think of things that would cater to them opens a lot more potential than relying on the idea that people who know better will know better in time. That is to say why should we ignore the phobia's of 70+% of potential players because 30% or so of people will know better and reactivate Java later? This message is more so an idea / personal opinion related to the marketing and potential consumer numbers than it is on the actual technology and it's security (or lack there of).