Bug#267040: gcjwebplugin runs untrusted code without sandbox

[peter green]

>> I can't believe you're actually arguing that the solution against blindly
>> trusting a website is blindly trusting a binary blob.
>
>I would rather use a secure free plugin than a secure non-free plugin,
>but apparently that doesn't exist.  Since the choice is between a secure
>non-free plugin and an insecure free plugin, them I'm afraid I'd go for
>the former because I trust Sun much more than I trust many of the web
>sites I visit.  I'd be very surprised if you can honestly say the
>opposite.

What about icedtea-gcjwebplugin? does that have a functioning security manager? 
(I belive it does but i'm not certain, adding debian-java to cc for comments on 
that). If so then it may be the free "secure" soloution you are looking for.