And who exactly didn't expect this?

Registrar shows nameservers as the compromised ones still, so I guess that's just on your end.

Who runs java?

Everyone at MIT (required to do a bunch of kerberos related shit)

As if no other software has 0days.

Well, it's just an example. When a page is still compromised, and under the control of someone unexpected, you can't really anticipate the state of the page, and what it might deliver to your computer. I pointed that one out because it's a pretty recent drive-by exploit. You dig?

Seems like someone hijacked the domain.