WHahahaha! Very subtle. Almost CRied laughing!
Who is #3?
At the moment (well, for a pretty long time), Microsoft. The list is based on a mix of evilness, douchebaggery, (wrong) public opinion, and market influence.
The exploits in question only affect JDK 7, not JDK 6, which is much more secure, to say nothing of more stable.
Ah yes, there were never any exploits for Java 6?
If you have the Java browser plugin, no matter which version, you shouldn't feel safe. End of story.
Also, these exploits only affect in-browser user, so there is no reason to dump any software that is written in Java and runs on your local system, rather than in a browser.
True - no reason to dump Eclipse or Minecraft, you just need to get rid of the browser plugin
. Sure, there's very likely other security holes in the JRE, but if an attacker has reached the level where he's going to compromise non-browser JRE, you've got more serious security issues.