I almost started a Java project a couple weeks back, but realized the availability of the JRE on certain computers could prove to be a rather annoying obstacle. I took a look at native compilers, posted a thread on the topic over at Java Junkies, but wasn't able to find an adequate solution. So I went back to C++ for that project.
It's a shame really, guess I'll just have to leave Java for another day
The Open Web Application Security Project (OWASP) has released a guide to building secure web applications and web services. It's a very comprehensive paper and is far superior to most security papers I've seen.