Honest, run Malwarebytes Anti-Exploit to protect against JRE exploits if you're going to run java.
Unfortunately, their free version does not offer protection for java (JRE) but the paid version does. [EDIT:] Thanks CraigB.
If you can do without java, it's one less malicious avenue of attack and is one less thing to worry about. Too many security fixes have been required, over time, and moving to at least a monthly security update period as Microsoft has done, would result in more timely fixes to 0-day vulnerabilities and privately discovered unreported exploits coming down the pipeline, much sooner rather than later.
Until Oracle changes their standard update fix period from every three or four months to at least once a month, I'll pass.