Won't that open my system up to a potential threat though?
Well... if China has showed us anything, is any system ever really safe?
Oracle has always urged removal of older versions of Java. They even tell you to encourage the coder of whatever program you're using to update their program to work with the latest version of Java. Their official stance is: some Java applications (or applets) can indicate that they are dependent on a particular version, and may not run if you do not have that version installed. If an application or web page you access requires an older version of Java, you should report this to the provider/developer and request that they update the application to be compatible with all Java versions.
The unfortunate reality of abandonware is that this is not feasible or possible unless you are willing to reverse engineer and take it on yourself. The only reason I suggest it is because sometimes it's the only recourse. Java sometimes removes certain features when going to a new version. More often the case, some functions get a slightly different behavior, which breaks some applications that relied on the old behavior.
Older versions of PCGen ran into this - you couldn't switch to the updated version of PCGen and use the official data sets for 3.5e, but the older PCGen showed issues with newer versions of Java. I couldn't even tell you if it would work in your specific instance but it's an available option that has worked for some. It also shouldn't be too big a deal except within a browser environment, which should be using the newer version anyway or, at the very least, can be set to do so.
