Board: Altcoin Discussion
Topic: Re: ion discussion
by Fuserleer on 10/09/2015, 09:02:01 UTC
People regularly confuse Java with JavaShit, and claim the security of Java is rubbish because JavaShit's is. In fact the 2 are VERY different languages, and the only common ground between them is some syntax similarities (but then Java and C++ share a lot of that), and the damn name.

Any and all languages are insecure if the skills of the developer are not up to par.

In fact a very large portion of the world's banking applications are written in Java, on the front and back end... so go figure.

Please elaborate for us semi-non-specialists.  Are you talking about Mono or what?

I am sure Oracle.Sun.Java's crypto primitives work very well (until they don't, because 'Oops ZeroDay LOL').

For non-performance critical applications in FinTech, Java has a lot of benefits.

Generally its performance for regular operations isn't that far behind C, memory management is much easier and there is no risk of overflows, development turnaround is generally faster, it can be securely sand-boxed (if you know what you're doing) and it is of course multi-platform in the most general sense.

A lot of the top tier financial institutions spend great effort to ensure that the libraries are clean and bug free... it's hardcore. They generally run custom library repositories that are based on the standard Java, but with improvements where required (the crypto and math libs for example are way ahead of what is in the standard package). A lot of these improvements are fed back to Oracle/Sun and so make it into subsequent releases.

The guys that work on this stuff are the best of the best, some of whom are paid $1000+ per day, which is a small price to pay for the exposure received if something should screw up. If Java was inherently insecure, it wouldn't be used for anything.

I think some of the misconception comes from the fact that the infrastructure topology is dated, but the software that runs within is very solid. There are exceptions I'm sure, but what I've seen working in this field in the past, it's very clinical.