This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
Java Webstart allows the distribution of applications from a web server. This application will be able to connect to a website that is different from the website where it was downloaded from only if the code is signed.
Yes I think you are correct. If the application is unsigned it runs within the sandbox and you can only get access to the that supplied the application. If it is signed and then trusted by the user you get access to all resources.