Rich posted a great article detailing a change in Java 1.7u51; namely, the default security level is now "High", and unsigned applets are blocked.
http://derflounder.wordpress.com/2014/01/15/java-7-update-51-blocks-older-network-connect-java-apple...
Let's say you're in an environment where you can't update your Junipers right away, and you want to prevent your users from freaking out/manually adding an exception. Looks like it's really easy to do, by updating the following plain text file:
/Users/foo/Library/Application Support/Oracle/Java/exception.sites
Of course, you could package this an FUT/FEU and deploy it with a simple Casper policy.