During the recent kerfuffle over yet another Java zero-day vulnerability, I saw that Carnegie Mellon CERT advised everyone to disable the Java browser plug-in. However, there are users at my company who need Java outside the browser setting. Will just disabling the browser plug-in ensure Java is secure otherwise? If we roll back to an old version of Java, would it be safe to keep the plug-in installed?
