Applets was a good choice, Cindy! Yes, there's sandbox issues involved in doing RMI from an applet. I don't recall anything specifically RMI-related, and I can't think of anything specifically dangerous about RMI compared to other network communications, but I'd recopmmend checking Sun's docs. I've no doubt that the standard rule that no unsigned applet can communicate with any other server than the one it was downloaded from applies, though. A more serious problem is going to be running that applet anywhere off the LAN segment that the server itself resides on, since firewalls commonly block the tcp/ip ports used by RMI and JNDI. Which is why RMI-style action using HTTP tunneling and SOAP is so popular. HTTP is almost always allowed.
Customer surveys are for companies who didn't pay proper attention to begin with.