If java would be more secure, then a decentral webserver would be nice... users upload java classes into freenet und freenet is spreading it to the network... and then some users execute to class files with restricted java policies.
Or more easily: Lets allow java applets on client side. These java applets could be more restricted than normal applets. And then make an api for those applets, where the applets can fetch or upload chk, ssk, ssk,... just another thought :-)
