Sure, as said in other threads here -- large companies full of brilliant people can build good RIAs. Small companies full of OK people are suffering.
Java Applets security could have been solved. I'm not even sure what problem you are referring to exactly. With todays web we get insanity of XSSs, CSRF and who knows what else. The only reason these are not killing modern web development is because this hydra has too many heads.
Java had drive-by malware downloads galore. Unfortunately, Javascript isn't immune from this, probably for the same reason: to increase performance requirements, they both JIT code, which allows potential buffer overflows, etc.
This doesn't sound like the full explanation about the security problems of Java applets. It sounds more like a JIT bug. One can fix the JIT to check for out of bounds errors.
What's the real reason Java applets were insecure?
