Java or .Net programs, compared to C and the likes, are not subject to a few simple types of security vulnerabilities - buffer overflows or format string errors.
While this gets rid of some ways in which remote code execution can be obtained, Java does nothing to prevent, for example, any of web application vulnerabilities. It does not help with logic errors either.
