Disabling Java in your day-to-day browser and having a second browser for Java needs isn't perfect, but it does offer a lot of protection. It's easier to remember than installing a tool like NoScript which blocks Java on individual pages, but which many non-techie users find cumbersome. (I actually run it in Firefox, as another layer of protection, but I'm a raging security geek).
Another option is to access Java sites only from inside a virtual machine. I run VMWare Fusion (and sometimes Parallels Desktop) and frequently use Windows virtual machines for visiting those non-Mac-compatible websites I sometimes need for work (again, usually old webcast systems). I keep a baseline snapshot of my virtual machines, and revert to those after any risky activity.
We dodged a bullet
For once, being a software version behind worked to the advantage of Mac users, and nearly no Mac users are really at risk from the latest Java exploits. But, as we've seen with Flashback and this recent attack, Java remains a prime target. Thus I'd recommend that all users protect themselves, even if you aren't currently at risk. Disable Java if you don't need it, turn it off in your browsers if you don't need it there, or only use it under controlled circumstances if you don't have a choice.