When I worked for ING-ReliaStar, I took a one-week course in Java at a training center on I-94 west of Minneapolis in February 1999. The company was already planning to use Java for the data access layer supporting its GUI interface, all the data replicated daily to a Unix mid-tier from the IBM mainframe legacy systems.
The company used PowerBuilder for the inhouse GUI for its Customer Service Workbench (GUI). Indeed, during the recession in 2002 (after 9/11 and the dot-com collapse) the job market in PowerBuilder was better than it was in Java.
For Policy Access for external customers (online) I don't recall whether it used java or not, but there were few support problems in that area.
It sounds like a mystery with the Java Virtual Machine hasn't been made more secure.
The idea that home users should disable Java has been promoted since the recent Yahoo! breach was reported.