Cross domain scripting
There were limitations on where an applet can come from and whether scripts can access it from the page. This used to be a problem in Safari but so far I haven’t been able to reproduce it. Currently this test loads 2 signed applets one from the same host and one from a different host. It then calls methods on each one and also has each one call javascript. A discussion about scripting cross domain on safari
The jar of the applets is also marked as a trusted-library. Otherwise a message is shown to the user when javascript tries to access a signed applet. Offical docs about Trusted-Library and Javascript