and here's the source.
Never add ~/.hotjava or ~/.hotjava/properties to your acl.write property! If you do, applets will be able to alter your appletviewer properties in surprising ways. The properties file is one file that you want to be especially sure cannot be tampered by outside applets.