I know Java is considered unsafe, but damn, it can steal files from your hard drive?
Another question, isn't virus/malware protection supposed to prevent keyloggers and malicious Java apps from running? I guess there are always exceptions that can work around those, but as a general rule?
Most "defense" software (anti virus, anti malware) work on signatures. It is a constant battle between hackers exploiting new vulnerabilities and anti-malware software adding those new malware to their detection libraries. No defense software is 100% effective against 0-day threats. Never had and never will be. Now you should still use it but it should be the last line of defense not the first.
Regarding java. Yes it is horribly horribly insecure. If you run an untrusted java app the attacker can do just about anything he could do if logged in directly on your computer. If you have java uninstall it completely now.