If SecurityManager is broken, should we go back to C?
Java on the whole is still more secure than C. This seems like an absurd statement -- except that C code is vulnerable to buffer underruns and overruns, while Java code is not (due to the way memory is allocated and recovered). Most privilege escalations have been related to these two common bugs.
The advance of Java was giving application developers just enough power to write powerful applications without requiring such dangerous tasks as managing memory. The next generation of high-level languages hopes to remove the developer from managing concurrency as well. These measures make us safer, and while they aren't targeted only at security, they often have wide-ranging positive security implications.
As for the client...
Java has a major client implementation that's enormously successful and doesn't use the same security infrastructure. It's called Android. It is the beginning, the end, and the future of client-side Java. Everyone else will use AJAX/HTML anyhow. Who cares about the Java plug-in or Web-delivered client-side Java? Not me. Time to advance!
In another week or two you'll find out Flash is still one big security hole with animation features. Disable it in advance. YouTube supports HTML5 video in supporting browsers (Chrome/Firefox), so you won't miss your latest "Gangnam Style" parodies. Frankly, Flash is a bigger and more widespread problem that will take longer to undeploy as a mainstream technology. Just remember, when it comes to security, browser plugins are bad, ummkay.
This article, "Web services are dead -- long live REST," was originally published at InfoWorld.com.