Safemmm is a compromise between browser extension facilities and security. The essential design decision here is that we wanted to give full navigation to applets. As a consequence, any information made available to an applet can be sent on the network (by issueing POST requests, or even by encoding the information in the URL of a GET request). Thus, all efforts are taken to protect confidential information that may be available in the browser.
An applet has access to documents residing in the cache, except when the document was protect by HTTP authentication, or when the document has a file: url.
Informations such as user name, user id, machine name, environment, etc... are not available to applets.
Some possible problems have nevertheless been identified: some sites offer uncontrolled gateways to mail and news systems through CGIs. This will cause the same problems as unprotected SMTP or NNTP servers, in the sense that they can be abused. The difference is that usually, the user willingly abuses of such services while here an applet will abuse the service without the user being aware of it. A possible workaround is to limit the destinations of requests emanating from applets, but this is tricky to implement correctly (because of possible indirect requests).
Note that current browsers already present this kind of risk, since the <IMG> element is a form of uncontrolled navigation.