All clients can be reverse engineered, monitored, and modified

It must be assume that when you deploy Java applets that you essentially releasing all source code with you class files since they are so easily reverse engineered.

Java applets essentially developed as a "view" only when considering the Model View Controller design pattern.

Bytecode_obfuscation can help reduce this risk.