Apart from the risks inherent in running random programs via a web browser (drive-by download etc.), I don't see how Java is less secure than (say) a C++ or Python application.
On the client side, Java will check the certificates of applications before executing them, and even then will ask permission. It also has sandboxing and security policies built into the VM, which should be harder to break out of than those imposed on native code (all else being equal).
On the server side, the libraries are fairly mature (Hibernate etc.) and are generally designed to avoid classic traps like CSRF, SQLi etc.
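To make the "classic trap" in the answer above concrete, here is an added example (not code from the original post) of the SQL injection pattern the mature libraries are designed to steer you away from: the same query written once by string concatenation and once with a bound parameter. It uses Python's standard-library sqlite3 so it runs offline with no database server; the users table, its two rows and the attacker payload are constructed for the demo. The contrast is identical to building a JDBC query with `+` versus using a `PreparedStatement` with `?` placeholders, which is what an ORM such as Hibernate does for you under the hood.

```python
import sqlite3

# Constructed in-memory table so the example runs offline (added example).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn

def lookup_unsafe(conn, name):
    # The classic trap: the query text is assembled from caller input,
    # so the input is parsed as SQL rather than treated as a value.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Parameterised query: the driver binds the value separately from the
    # statement, so quotes in the input never change the query structure.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# Constructed attacker input: closes the string literal and appends a
# tautology, so the concatenated WHERE clause matches every row.
PAYLOAD = "nobody' OR '1'='1"

def demo():
    conn = make_db()
    unsafe = lookup_unsafe(conn, PAYLOAD)  # returns both rows
    safe = lookup_safe(conn, PAYLOAD)      # returns [] (no user has that name)
    return unsafe, safe

if __name__ == "__main__":
    unsafe, safe = demo()
    print("concatenated:", unsafe)
    print("parameterised:", safe)
```

The point the example makes for the Java-versus-Python comparison is that the protection comes from the API the library exposes and whether the programmer uses it, not from the language: both JDBC and sqlite3 offer the bound-parameter form, and both let you bypass it by concatenating strings.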