Well. Where credit is due having control over which sites are able to run Java through Group Policy will definitely make some people sleep better at night.
It's bloody annoying having to install this heap of junk just for that one website which requires it.
And quite a few of us should be more than familiar enough with such a scenario.
However... this is of course Oracle we're talking about and it really wouldn't surprise me to see a vulnerability surface which could either tamper or circumvent the trusted hosts lists.