Applet's View of Java Security:

Applets and other untrusted (or partially trusted) classes, like as "servlets" in Java- based Web servers, or protocol handlers and content type handlers in HotJava, run inside the confines of the application security policy. Like "unprivileged" classes are the type that most Java programmers will be writing, so it's significant to know what the Java security facilities look like from the point of view of ordinary code.

A Security violation is signaled    when  the security   manager throws a SecurityException. That is certainly possible to catch which SecurityException and ignore it, or try a different strategy, and then an attempt to access a secured resource doesn't have to mean the end of your applet. Through trying various things and catching the exception, applets could build a picture of what they are and are not allowed to do. It's even possible to call the security manager's access checking methods directly, so that you could search out whether a certain resource is accessible before in fact attempting to access it.