Can we all just finally admit that not only isn’t it secure, but you can drive a semi truck through its security holes?
Unfortunately, many of the kvm-over-ip stacks still use it. So you have these embedded web services things to talk to your java client, your horrifically insecure java client, to ship bytes out over the network to give you console.
Can we all start demanding an end to these? Lets get them on HTML5, and finally, and completely, remove Java from our machines? Sort of like flash? Make it go away? Please?