What you should *really* worry about are the security holes that you don't know exist, because you can't effectively fend them off.
The web site for the large investment house that holds my 401K requires Java to use the site. That annoys me. While client-side Java is thought to be secure, the use is gratuitous. And of course it limits the users who can make use of their site - why the heck do they want to limit their potential customer base? It also makes it ultra annoying to use over a dial-up modem. Someone's not thinking. They wouldn't broadcast an ad with all the voices pitched about 15,000 Hz thereby ensuring a large percentage of the population would hear nothing but silence.
