You're only now starting to wonder?
Incidentally security is not an all or nothing pancea. I personally find Java's security model to be far less useful than Perl's taint mode - I'm seldom dealing with untrusted code and often dealing with untrusted data.
And, as I've mentioned before, I'd be curious to see how well a capability-based system would work for some of this. Particularly in a shared hosting environment where it would allow a lot of virtual sandboxing with no effort.
Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)