There is big security hole in Java on the Mac for which there currently is no fix. To be safe, Mac users should disable Java in their web browsers (it needs to be done in each browser separately). Macworld has instructions for disabling Java in Safari, Firefox, OmniWeb, Camino, Opera and iCab.
Before disabling Java, you can visit my site, JavaTester.org to see the version of Java your browser is using. This invokes a very simple Java applet. The source code for the applet is published, it's safe.
Then disable Java, close your browser, start it up again and re-visit the version test at JavaTester.org to verify that Java is actually disabled.
The bug was fixed by Sun long ago, so Java users on Windows and Linux are safe.