It's really important to remember that the Java vulnerability only affects the browser based plugin. So, when you say "There are people that use Java to access SQL Server instances, and for those people, I'd suggest you carefully watch your systems, understand the potential issues, and ensure you have good point to point security enabled in your firewalls or routers" keep in mind that every piece of software between the end user browser and the server would need to be compromised. In the enterprise software world, there is usually at least one middle tier, if not multiple tiers, between the end user desktop and the database server.
The worst part about this vulnerability is that users of older versions of IE are particularly vulnerable - making the recommended fixes to disable the plugin requires a registry change.
Microsoft SQL Server MVP
Managing Director - Brent Ozar PLF, LLC