My experience with Java portability is extremely good, during 15 years I guess i have less than 5 cases when I have to modify our own code for portability reasons. I mean binary compatibility, no recompilation is necessary. Upgrades were seamless too. However I know that others has worse experiences. Regarding C, I almost never have been able to compile C programs without issues in a new environment.
As a language, Java has the huge advantage of automatic garbage collection. That not only means that I do not have to destroy object at the end of functions, that is not really important. The big thing is that returning newly allocated objects to the caller is the natural way of doing things. This is an issue in C, because it must be agreed on who will destroy the returned object. Java also has a huge standard library, and - except web applications - there is an obvious candidate for everything.
Java has comprehensive runtime information about anything, so tools and frameworks can do almost anything runtime, including generating new code. And they do this nicely, they do not mess with the code unnecessary. There is a precise stack trace in each and every case. There is no pointer arithmetic, so there are no mysterious memory corruptions, ever.
Also, in contrast to the somewhat popular, moronic thinking, Java is very fast and very secure, it is compiled and recompiled several times dynamically runtime and there are no memory leaks. It usually requires more memory than a well-written C program, and its startup is slower, but that is rarely an issue on modern (i.e. not older than 10 years old) machine.
Overall I am much more productive with Java.
In addition "once in a while" does not seem to be very reassuring
Since then I am a follower of the Tao of Backup/
If you are panicking because of the additional possibility of cross site scripting then imagine what will happen when web sites starts to serve ads under their own domain name to avoid sneaky ad-blockers. Of course this would be unnecessary if ad blockers were not sneaky, that is they would send a HTTP header or at least a JavaSript DOM object indicating that ad blocking is ON. Therefore the site could decide what to do: reject the user, offer limited content, offer subscription or micropayment, nothing.
I also do not understand what are you doing on a website like Slashdot which is full with user generated content.
And by the way, I also do not understand how did you come to the great idea that I am completely unaware of cross site scripting.
Advertisers need to make their adds useful to the people. Allow people to specify what they want to know about,
This is exactly what all ad companies try to do. And this is also exactly why many people hate them: this goes against privacy. In order to serve ads which are interesting to you they have to know what is interesting to you...
There are two ways to write error-free programs; only the third one works.