Bug
Resolution: Fixed
P1
1.1
1.1.4
generic
generic
Not verified
In the old days, applets and RMI classes weren't allowed to access any
classes in a package that starts with sun.*. This hack was necessary
to prevent certain kinds of security attacks. (It didn't completely prevent
them, but I digress).
Now the package naming conventions are messier. HotJava, for example, lives
in sunw.hotjava. Licensees customize our code, putting classes in whatever
package they do.
With sun.applet.AppletClassLoader, applets are allowed to refer to
classes in sunw.*. There are all kinds of public APIs there that
they can use to wreak havoc. For example, there's a public static
method that lets them change any system property.
It's impractical to use the old mechanism, so HotJava adopted a new one.
We say that when an applet refers to a class, that class may ONLY
come from the CLASSPATH if it comes from java.* or javax.*. That way,
if an applet refers to sunw.foo.bar, it gets a copy of sunw.foo.bar loaded
by AppletClassLoader, and this class has applet permissions.
RMIClassLoader doesn't do this, so any code loaded via an RMIClassLoader
could attack implementation classes that live under any package other
than sun.*.
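To make the rule concrete, here is an added illustration (not JDK, HotJava or RMI code) of a class loader that enforces the policy the report describes: only java.* and javax.* names are delegated to the trusted CLASSPATH, and everything else, sun.* and sunw.* included, is defined from the untrusted codebase under that codebase's protection domain. The codebase URL, the parent loader and a Java 9+ runtime are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

// Enforces the HotJava-style rule from the report: only java.* and javax.*
// may be satisfied from the trusted CLASSPATH; every other name (sun.*,
// sunw.*, ...) is defined from the untrusted codebase and runs under that
// codebase's protection domain, never as trusted code.
public class CodebaseFirstClassLoader extends ClassLoader {
    private final URL codebase;            // assumed: the applet/RMI codebase
    private final ProtectionDomain domain;
    public CodebaseFirstClassLoader(URL codebase, ClassLoader parent) {
        super(parent);
        this.codebase = codebase;
        // Dynamic domain: permissions are whatever the installed Policy grants
        // this CodeSource ("applet permissions"), not CLASSPATH privileges.
        CodeSource cs = new CodeSource(codebase, (Certificate[]) null);
        this.domain = new ProtectionDomain(cs, null, this, null);
    }
    static boolean isTrustedSystemPackage(String name) {
        return name.startsWith("java.") || name.startsWith("javax.");
    }

    @Override
    protected Class<?> loadClass(String name, boolean resolve)
            throws ClassNotFoundException {
        if (isTrustedSystemPackage(name)) {
            return super.loadClass(name, resolve);  // normal parent delegation
        }
        synchronized (getClassLoadingLock(name)) {
            Class<?> c = findLoadedClass(name);
            if (c == null) c = findClass(name);     // CLASSPATH never consulted
            if (resolve) resolveClass(c);
            return c;
        }
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        String path = name.replace('.', '/') + ".class";
        try (InputStream in = new URL(codebase, path).openStream()) {
            byte[] b = in.readAllBytes();                       // Java 9+
            return defineClass(name, b, 0, b.length, domain);
        } catch (IOException e) {
            throw new ClassNotFoundException(name, e);
        }
    }
}
```

The Policy-based permission model the protection domain relies on is deprecated for removal from Java 17 onward; the delegation rule itself (trusted CLASSPATH only for java.* and javax.*) does not depend on it.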