I recently passed v5 exam, but I reckon the v6 exam should cover similar material.
For security you ought to know the following:
symmetric and asymmetric encryption algorithms (eg MD5, 3DES, Blowfish)
characteristics of and when to use JAAS
typical attacks (eg man in the middel, denial of service, sql injection, buffer overflow)
what
applets can and cannot do in terms of security (eg can it access server resources)