Are Java Web Application Secure?

In short, no!

Cross-site Scripting (XSS),  Injection Flaws, Malicious File Execution, Insecure Direct Object Reference, Cross site Request Forgery, Information Leakage and Improper Error Handling, Broken Authentication and Session Management, Insecure Chrytographic Storage, Insecure Communications, and Failure to restrict URL access

Read all 'bout it in this serverside article.