Java should never be considered to be safe at this point. It has had countless security holes that have been repeatedly exploited over the last couple years (at least), one of which was responsible for around 600,000 Macs being infected with the Flashback malware last year. Recently, it seems that every time Oracle fixes one vulnerability, new ones are discovered less than a week later. (This has literally happened twice recently, with new vulnerabilities being discovered just a day or two after the previously known ones were fixed.)
So, avoid Java if you can. If a site is not essential to your life somehow and requires Java, skip it. Boycott it. If there are sites that are essential to you somehow, use them only in a separate browser with Java enabled, and use that browser for nothing other than those specific sites. Use a different browser for everything else, and keep Java disabled in that browser.
Simple? Don't install Java on 10.7 and later. Since it's also been widely attacked, you might not want to install Adobe Flash, or — if it's installed — you might want to deinstall Adobe Flash.
Somewhat less Simple? Shut off the Java JVM web plug-in in each browser you have, and leave it turned off. Disabling the Java JVM web plug-in in Safari doesn't prevent you from running (for instance) Minecraft locally, it just blocks the path that the Java attacks have recently been using to breach Java.
Less simple? Install and use a plug-in manager — plug-in blocking tool — to prevent access to Java and Flash, and only allow it for content you need. One of the available Safari extensions that provides this block is ClickToPlugin. You'll need one of these for each different web browser you use.
Reports that SpeedTest was breached appeared recently, and that site was reportedly serving Java malware, so filtering by a trusted web site can potentially get you in trouble, if there's a Java attack active, and if the attackers have breached a server you use.
Extensions like ClickToPlugin cannot actually protect you against all Java applets. There's a note about this on the ClickToPlugin page.
Edit: Under the Overview of Features section, you will find the following note:
ClickToPlugin does not block <applet> elements. These elements are used to embed Java applets into web pages and launch a Java plug-in. The reason is that they cannot be blocked.