Perry, perhaps you might be interested in outlining how Java designers might incorporate the concept of "defense in depth" that allows for even buggy implementations to have security. again, your criticisms of it sound like they might potentially be ameliorated by a secure implementation of Java. remember, Java is a language, not necessarily an implentation. designers have some way in the way they actually implement the language. an implementation with the zillions of firewalls or whatever you are advocating for the financial industry might actually emerge. but again, the Java designers never claimed that "Perry Metzger will be able to use Java in his mission critical funds transfer application". your ranting against it has decreased noticably in intensity but I don't think it was ever justified in the first place.