`jstatd` no longer requires a Security Manager and policy file. Running with `-Djava.security.policy=` to set a policy has no effect.

Internally to `jstatd`, an `ObjectInputFilter` is used to allow only essential classes to be deserialized over the RMI connection.