Java applets are programs that can be embedded in HyperText Markup Language (HTML) documents, transported across a network, and executed using a Web browser. Web browsers run on different platforms (PCs, Macs, Unix, etc) and for this reason it is important that applet code be able to execute on multiple platforms. Applets are delivered as Java bytecode and any computer or device that can execute the bytecode can execute a Java applet.
Whenever a program is executed on a computer, the risk exists that the program might do some kind of damage either because it is poorly written or because it is out rightly malicious. A poorly written program might accidentally corrupt or erase some files whereas ‘malware’ (malicious software) may do the same intentionally. Code that is embedded on a webpage is particularly troublesome because it starts running immediately when the browser loads the page. The designers of Java anticipated this problem and came up with two safeguards: Java applets can run at specified security privileges, and they can be signed.
For complete article: What Java Applets Can and Cannot Do.