Programs written in Java have one of two forms: applications or
applets. Java applications are like applications written in C, or
Pascal, or BASIC, and can do the things that you would expect
applications to do. After all, an application such as a word
processor which could not save files to disk or write to the printer
would be of little use. In other words, a Java application can perform
operations that could compromise security.
Java applets are different, in that they are run by another
application (such as a web browser) which is responsible for executing
them in a secure environment, often called a "sandbox". When
running in this sandbox, any Java operations which might compromise
security are disallowed -- in theory, at any rate.
Broadly speaking, applets are secure; applications may not be. When
you visit a Java-enabled website, you are downloading and running
See The first Java virus for