We're not quite done with Flashback yet. The good news is that the number of Macs affected by the trojan has gone down greatly, but the bad news is that there's a new variant of it out in the public. It's called Flashback.S, and just like the original, it can worm its way into a Mac's home folder without the admin password.
But the new version still just takes advantage of that same vulnerability in Java, and that's already been patched. So if you've updated your Java post-Flashback, there's no