How to prevent XXE attack

You can use the same approach with DocumentBuilderFactory:

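import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;

// Turn on JAXP secure processing before any builder is created.
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
...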

To make everyone use this automatically, you need to create your own implementation (by extending the one which you’re currently using; use your debugger to find out). Set the feature in the constructor.

Then you can pass the new factory to use in the System property javax.xml.parsers.DocumentBuilderFactory to the Java VM and everyone will use it.
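The factory below is an added example, not code from the original answer: it wraps the JDK's default factory (Java 9+) rather than extending the concrete implementation class, sets the feature in its constructor, and is registered through the system property. The class name and the extra disallow-doctype-decl feature are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

// Hypothetical class: wraps the JDK's built-in factory (needs Java 9+ for newDefaultInstance).
public class HardenedDocumentBuilderFactory extends DocumentBuilderFactory {
    static final String NO_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";
    // newDefaultInstance() ignores the system property, so the lookup cannot recurse into this class.
    private final DocumentBuilderFactory delegate = DocumentBuilderFactory.newDefaultInstance();
    public HardenedDocumentBuilderFactory() throws ParserConfigurationException {
        delegate.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // the feature the answer sets
        delegate.setFeature(NO_DOCTYPE, true); // assumption added here: reject every DOCTYPE
    }

    @Override public DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
        // The base-class setters store these flags in this object; copy them to the delegate.
        delegate.setNamespaceAware(isNamespaceAware());
        delegate.setValidating(isValidating());
        delegate.setIgnoringComments(isIgnoringComments());
        delegate.setCoalescing(isCoalescing());
        delegate.setExpandEntityReferences(isExpandEntityReferences());
        delegate.setIgnoringElementContentWhitespace(isIgnoringElementContentWhitespace());
        return delegate.newDocumentBuilder();
    }

    @Override public void setFeature(String name, boolean value) throws ParserConfigurationException {
        // Callers may add features but may not switch the hardening off again.
        if (!value && (NO_DOCTYPE.equals(name) || XMLConstants.FEATURE_SECURE_PROCESSING.equals(name)))
            throw new ParserConfigurationException("refusing to disable " + name);
        delegate.setFeature(name, value);
    }
    @Override public boolean getFeature(String n) throws ParserConfigurationException { return delegate.getFeature(n); }
    @Override public void setAttribute(String n, Object v) { delegate.setAttribute(n, v); }
    @Override public Object getAttribute(String n) { return delegate.getAttribute(n); }

    public static void main(String[] args) throws Exception {
        // Demo only; in deployment pass -Djavax.xml.parsers.DocumentBuilderFactory=<this class> to the JVM.
        System.setProperty("javax.xml.parsers.DocumentBuilderFactory", HardenedDocumentBuilderFactory.class.getName());
        String xml = "<!DOCTYPE r [<!ENTITY x SYSTEM \"file:///placeholder\">]><r>&x;</r>"; // constructed input
        DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        try {
            builder.parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
            System.out.println("parsed: DOCTYPE was accepted");
        } catch (org.xml.sax.SAXParseException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Callers that use setSchema or setXIncludeAware would need matching overrides, because the abstract base class does not support those calls on its own.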
