After decades of semi-ubiquitous usage, Oracle has announced plans to stop providing the Java plug-in for web browsers. It will still be available in the upcoming Java 9 platform, but classified as a deprecated feature.

This has nothing to do with JavaScript, which is a scripting language that web browsers use. JavaScript is not a plug-in, and it's very secure in terms of the machine the browsers run on. Pretty much all exploits that we see either trick the user to download and run a program, have them disclose sensitive information (passwords, identity, etc.) to the wrong people, try to make the browser impossible to use until it is shut down and restarted, or launch a plug-in that is the actual problem. The joke is “Java is to JavaScript as Car is to Carpet” — but that's not true: cars often have carpets.

Java, Shockwave Director, and Shockwave Flash filled in a huge gap in Web standards during the late 90s and early 2000s. Plug-ins were about the only way to access files, per-pixel 2D animation functions, and even access to 3D graphics hardware. Web browsers can do almost all of that now, albeit file input and output is limited to individual files, because you don't want every website to be able to read and write files (and site-specific data lockers with APIs like IndexedDB and Web Storage) on the user's hard drive without the user's explicit control.

As such, browsers are trying to kill off native plug-ins. This could be a problem for games like Battlefield 3 and 4, which (Update Jan 30th @ 7:51pm: Used to… it's apparently been a while. Thanks wileecyte in the comments.) require plug-ins to launch the native application, but the browser vendors have been expressing their desires for quite some time. Even companies that are heavily invested in plug-ins for their products, like Oracle, are finally giving up.