Restrictions on what an unsigned Java applet can d

I'm trying to compile a complete list of all restrictions placed on unsigned Java applets (defined as things a normal Java application can do, but an unsigned Java applet cannot).

This is the list I've compiled so far:

An unsigned Java applet ...

Cannot access the local filesystem.
- Cannot access the system clipboard.
- Cannot initiate a print job.
- Cannot connect to or retrieve resources from any third party server (any server other than the server the applet originated from).
- Cannot use multicast sockets.
- Cannot create or register a SocketImplFactory, URLStreamHandlerFactory, or ContentHandlerFactory.
- Cannot listen to incoming socket connections.
- Cannot listen for datagrams.
- Cannot access some of the system properties (java.class.path, java.home, user.dir, user.home, user.name).
- Cannot create or register a SecurityManager object.
- Cannot dynamically load native code libraries with the load() or loadLibrary() methods of Runtime or System.
- Cannot spawn new processes by calling any of the Runtime.exec() methods.
- Cannot create or access threads or thread groups outside of the thread group in which the untrusted code is running.
- Cannot define classes in java.*, sun.* and netscape.*.
- Cannot explicitly load classes from the sun.* package.
- Cannot exit the Java runtime by calling System.exit() or Runtime.exit().
- Cannot access the system event queue.
- Cannot use the java.lang.Class reflection methods to obtain information about nonpublic members of a class, unless the class was loaded from the same host as the untrusted code.
- Cannot manipulate security identities in any way (java.security).
- Cannot set or read security properties (java.security).
- Cannot list, look up, insert, or remove security providers (java.security).