Hello,
1. DBeaver doesn't ship any Java runtime with itself. It uses Java which is installed on your machine. So you may use any JRE later than 1.6.
2. You've been misinformed. Java itself is not a security hole. Security problems may be raised by Java applets in your browser.
DBeaver is a desktop application and doesn't have any relation to web browsers at all. So there won't be any security problems, no matter what JRE version do you use.
Just don't use Java applets and be safe

PS I'll check DBeaver installer to make it download latest JRE from Oracle site. I almost forgot about this feature.
Thanks!