I would add to your list that the code is inspectable, and modulo clever attacks within the JVM of the type described in Kernighan's Turing Award talk, it is therefore likely to be free of trojan horses. Jonathan S. Shapiro IBM T.J. Watson Research Center Email: shapj@us.ibm.com Phone: +1 914 784 7085 (Tieline: 863) Fax: +1 914 784 7595