Oracle Java 7 Critical Security Hole — Affects Java in Web Browser
Be sure to disable Java (not Javascript) in your web browser as a new critical security hole has been reported in Java 7. (Java 7 is something you’d have to download from Oracle’s web site, but all versions of Java carry risks).
Apple’s code signing is all well and good (mainly a feel-good annoying hassle of dubious value as of 2012), but it’s like locking the doors and then leaving the patio door open, since most users these days do most stuff on the web.