The biggest risk in any language is to have developers who do not master the said language. Secure development requires thinking of all "corner cases" and it does not work unless the developer knows what he does at all points. A competent C programmer who does not know Java will do more secure code in C than in Java (and vice versa).
A case can be made that in languages with "strong guarantees", consequences of some programming errors are less dire when viewed from a security point of view. For instance, a buffer overflow in Java leads to an exception and (usually) termination of the offending thread, whereas in C it may lead to an exploitable hole up to a remote shell for the attacker. This makes me a bit less worried when I have to trust developers with Java code than with C code. However, other potential security-related bugs are unchanged between Java and C code (if the code builds SQL statements in a way susceptible to SQL injection, then nothing in Java will protect against that -- to some extent, easy character string handling in Java promotes SQL injection bugs).
Obfuscation is more about maintaining intellectual property than security. It will not prevent attackers from reverse-engineering your code, but it helps in obtaining legal qualification (when using obfuscation, you make it clear, or at least clearer, that you do not want the code to be reverse-engineered, thus making "trespass" more obvious in the eyes of a judge -- but details vary quite a lot depending on jurisdiction). Java bytecode is easier to reverse-engineer than compiled C or C++, but it would be wrong to claim that compile C or C++ is immune from reverse-engineering.