Might want to be careful calling Marianne a borderline liar. She's our host for Cypherpunks meetings at Sun, where's she's in the Java group. The article didn't make it clear that she's with Sun and not Netscape. She's also been coming to Cypherpunks meetings since the beginning, and posts here occasionally.
I apologize for the remark, it was out of line. I don't know who she is, or what she actually said, for that matter. But the fact remains that these sorts of security problems were predicted well before Java was widely deployed. They're serious, and this isn't going to be the last one. An awful lot of people aren't going to patch their copies of Netscape any time soon, either. (A useful feature for Netscape might be a facility that checks periodically to see if a security patch is in order, and displays a warning if it is.) Problems with security are a fact of life. I've made embarassing mistakes that compromised security for some of my users. When that happens you have to come clean, tell the truth, and fix the problem. Don't try to convince people that you didn't screw up, that the problem isn't serious. Don't say things that will encourage users to put off installing a security patch. And don't underestimate the ability of your attackers.