I have the same question. What is Java for and what won't work when it is disabled?
Now if you work for a private company and use your browser through a VPN, and that company has spent millions on Java apps to do real work (which is my case), then don't disable it.
Java is client code, a program on your PC that allows some features of Web pages to work. Oracle uses it for their business application delivery.
The average PC user may not notice it missing.
In fact I’m presenting a CRP Monday for Oracle applications. Disabling Java is not an option, but will be a discussion point no doubt.
Java is a virtual machine to run programs inside your computer. That can be inside the browser or on top of the OS. If inside the browser, the browser can download some malicious code and exploit your box. But to do that you have to surf to a malicious website that hosts that code. If Java is not in your browser but only on your OS, then it means you have to download the code and run it just like downloading and running any other application.
Keep in mind there are other VMs and interpreters with vulnerabilities (past and future). Java is not the problem here; it is people surfing to malicious websites and downloading and running malicious code.