Firstly, I wish people would not confuse Javascript and Java - they are NOT the same.
Secondly, there SHOULD be no problem with Javascript security. Although most web browsers have some history of Javascript holes (Especially, but not exclusively, IE), this should not be a risk.
In any case, I believe that most web applications which use Javascript should not rely on the ability to script ActiveX controls / Plugins - as this is a major risk in IE, and is now more or less routinely disabled by many.
One of the problems is that many of M$ own web apps rely heavily on the ability to use ActiveX objects scripting - but this can be mitigated by use of zones within IE.
I am quite a big fan of Javascript, if used correctly it can make good applications with very short development times.
One of the main problems is that different user agents have very different ideas about how to take Javascript further - IE has its various extensions, Mozilla has XUL etc, and M$ are planning yet another XML-based browser-based application programming environment.
I've not played with XUL that much, but I think it's promising.
Slarty
