Java Applets should be rather safe, since they works in a so-called sandbox. However, the implementation of this sand box may contain errors. It is recommended to use Sun's original JVM instead of Mixrosoft's MSJVM.
Javascript has also no access to local data. Nevertheless, most security problems in connection with browsers have to do with Javascript. On the other hand, many web pages use Javascript. If you disable it, many effects won't work anymore. But be careful here.
ActiveX is also allowed to do almost anything on the client computer, and is a potential security risk.
Erich Prisner, December 2004