Class loading and permissions
As I read it in the specs applications are prohibited from creating their own class loader instance to load classes. I've based this on the MHP spec indicating that neither signed nor unsigned applications will be given the java permission RuntimePermission granted.
However currently it seems that creating a custom class loader is permitted on the RI. We've also testing this on other platforms and had some success. However others do not seem to allow it.
What is the expected behavior here and what should the RI be doing in this case? Is there potentially a case of miss-configuration or something to that affect that is causing the RI to allow this functionality?