Rule 6: Avoid signing your code
Code that isn't signed will run without any special privileges. And code with no special privileges is much less likely to do damage.
Of course, some of your code might have to acquire and use privileges to perform some dangerous operation. Work hard to minimize the amount of privileged code, and audit the privileged code more carefully than the rest.