http://seclists.org/fulldisclosure/2013/Jul/172
For those who consider this TL;DR I will summarize this. Java added the new Reflection API and has a vulnerability that allows for a decade plus old attack to be used against it. Oracle has talked about security in Java being important, but this recent discovery shows in my mind how truly full of shit they have been about this.