...in terms of exploits, anyway. Looks like Java exploits are gaining favor with hackers again lately, according to this CNN article.
1) The browser
2) The plug-in
3) When the browser and plug-in interact
A perfect secure world would have no plug-ins at all, but that is not realistic. We are left as end users to hope the developers of the plug-ins secure their products.
Adobe has come under fire a bit for some of their exploits, but it seems as if they have done a good job (albeit, a reactive job) of plugging up some of their security holes. The report linked above shows that the number of Adobe exploits recorded has gone down, while Java exploits have gone up. Does that mean that Adobe has fixed their problems, or does it mean that Java problems are easier to exploit? That I can not tell you.