My recollection is that the SecurityManager was notorious for being relatively easy to work around. Definitely one of the common questions people had when working on the richer HTML5 APIs was "how is your sandboxing going to be more effective than the Java applet model, given that that's known to be full of holes?"