Using the click2play option, a page needing JAVA (or any other plugin) requests permission to run it (which I can ignore if I don’t both trust the source and need the service).
This is the only sensible option anyhow when other plugins also have occasional security issues and always take up resources which are best left available to other applications until the plugin is actually needed.
So why has James Fallows joined the latest anti-JAVA panic which has the effect of having people shut themselves off completely from useful tools on trusted sites?