I think it depends on the IT leaders in a particular company. I'm in a very IT-centric company and for the most part our leadership is very on top of security issues, advancing technology, etc., but where things break down is when we serve our customers that, as you said, are still running on ancient systems or infrastructure. Because of our customers' dependence on older architectures there are groups within our own company that are forced to work within that older architecture (XP, IE7, 32/16 bit apps). Virtualization is bridging some gaps, but not all.
That clears things up a lot. Java web apps lost their chance to be relevant 15+ years ago. Server side enterprise will generally use a Java/C#/C++ backbone. Python, Ruby, PHP (even JavaScript nowadays...) can be used, but at great peril for sites needing high transactions, concurrency and data integrity.
I think sometimes it is complacent IT, but a lot of times it is the business unit driving those decisions. I see it every week, it's what I do. I write reports weekly telling some of the largest companies in the world what is wrong with their environment. 9 times out of 10 the engineers already know most of what I am going to report because they've been trying to get it changed themselves for years. I had one client a few months ago that still had two Windows NT 4 servers with 16-bit applications running on them, even though those applications could be rewritten and compiled in .NET in about two weeks for a few thousand dollars in labor... but they don't want that expenditure on their watch, yet the 16-bit app causes 10 times that cost in downtime and support. The vast majority of the time it is managers making decisions with no knowledge of the technologies in use. Agreed, the transactional database integrity just isn't up to snuff in a lot of web technologies, at least for financial, defense and government standards.
I disabled Java and then uninstalled it completely. I can only think of two sites I visit that use Java plug-ins...and in both cases I can easily get the stuff I want without Java. I also don't need it at work AFAIK. Like others have mentioned, Java has had problems with security for a long time. In that sense it reminds me of ActiveX.