Signed applet policy as implemented in the
JDK software is a binary (all or nothing)policy Locally-run applications are run outside thethe sandbox, and there is no standard way
to run them in a sandbox
Everything on CLASSPATH is trusted