For me, the odd thing here is that they were already disabling running Java by default, which does a lot to defeat the drive-by download problem. Given that such a mechanism is in place, we already seem to have achieved the main goal you mentioned before: exploits don't "just work".
At that point, making Java "just work as long as you click somewhere to confirm you want it to" seems a reasonable policy to me. As many here have pointed out, reports of the death of Java applets serving useful purposes have been greatly exaggerated.
At that point, making Java "just work as long as you click somewhere to confirm you want it to" seems a reasonable policy to me. As many here have pointed out, reports of the death of Java applets serving useful purposes have been greatly exaggerated.