"Even if you know what you're doing, in the worst case you just need to browse to the wrong URL to get instantly owned without user interaction"
You'll have to make a better case. In the exploit in your link, the user was tricked by social engineering, had his computer configured to automatically run Java applets from arbitrary sources, and in all probability was running Microsoft Windows - hardly someone practicing good security.
You'll have to make a better case. In the exploit in your link, the user was tricked by social engineering, had his computer configured to automatically run Java applets from arbitrary sources, and in all probability was running Microsoft Windows - hardly someone practicing good security.