Small issue: javascript and java are 2 different things.
Noscript and other such extensions and addons disable javascript.
Rule of thumb: everything online is exploitable.
Javascript exploits are actually pretty minor when you look at the whole experience.
1. The computer you logon from. It could have a spyware on it that sends your data to someplace else.
2. Some one could sniff and scan the data on your wifi and gain information that is not passed through https.
3. The servers where your username / password and credit card details are stored - they could be hacked and exploited. Yes even Google's gmail was hacked by some Chinese hacking agency some time back.
You can take reasonable precautions. But nothing is safe online.
1. Run an anti-virus and a spyware remover once a week automatically.
2. Use a browser like Tor if you don't mind a sub-optimal performance.
3. Make your password long and hard to be cracked.
http://xkcd.com/936/
4. Whenever you're entering your credit card details online, make sure the URL has https://
5. Go through all your credit card statements and bank statements.
6.Enable 2-step login authentication with folks that provide this service. Google does. Most banks do.