"In Java-enabled browsers, untrusted
applets cannot read or write files at all. By default, downloaded applets are considered untrusted. There are two ways for an applet to be considered trusted
1)The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other
Java programs that know how to load applets.
2)The applet is signed by an identity marked as trusted in your identity database. For more information on signed applets, refer to an example of using signed applets, and to a short description on using javakey. "
above is the comment from SUN about applet, all applets loaded from CLASSPATH are considered trusted?