People click through certificate warnings all the time, mostly because they don't know or care what it means. I don't think the scenario is as far-fetched as you seem to think it is.
Before going into panic mode, try to analyse what you have here. End user has to manually accept a self sign certificate from "Apple" for a Java application. One has to be very dumb to do that.
You cannot protect ignorant people, even if you like.
Difference here is that you only get infected if you explicitly allow malware to run. In MS world you get infected without even knowing it.