You can actually see how Oracle use OpenJDK by looking at the codebase. The makefiles refer to directory paths including the word 'closed' which are used by Oracle on non-OpenJDK builds to include their proprietary add-ons.
The second sentence seems to contradict the one before, at least in my reading, but you're right that what I said is mentioned; my apologies.
I think the main general takeaway point is not about process or even Java, but that users should avoid having browser plugins enabled that they don't need (and browsers should allow their use to be whitelisted to specific sites). This would reduce the risk of the issues described
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds