A web application uses a Java applet that stores a password, submitted by the user, in a private property and uses this property in several public methods.

I wonder if it is possible for another Java applet loaded from the same or different web site to call the methods of this applet or possibly access the private property containing the password?

Do different applets run in a same or different JVMs? If they run in the same JVM, can one applet somehow get a reference to another running applet?

The password-storing applet is signed. I work from assumption that the snooping applet that wants to get the password can also be signed.

You can use AppletContext to get a reference from one applet to another. The current applet will have to know what to typecast the result into if you want to call any public methods other than those defined by the Applet class itself.

I think your answer is here. A signed applet can have, with the client's permission, access to outside the sandbox so in theory you might be able to.

Which makes me think -- what if I were to have my (malicious) applet signed? Would I be able to acquire some user data, by concocting the poor user into clicking 'yes'? The question is left as an exercise to the reader (ok, I'm joking here).