Security of Java takes a dangerous turn for the worse, experts say (ars technica)

The "check for common malware infections and to fingerprint the computer" is one reason why I always run BankID in some kind of sandbox. I presume that as an implementer one can always make an argument for sniffing around on a person's computer for "security" reasons and to "look after them" in this way, but it's obviously intrusive especially when the actual operations being performed are kept secret (reverse engineering notwithstanding).

The dialogue that gets shown when one has to accept the elevated privileges of the signed applet under certain versions of the Java VM says it all when it tells you that the applet needs access to your system including your webcam. Naturally, the webcam thing is an artefact of Java's "cool" multimedia past, but in this situation it just underlines the creepy nature of a banking login mechanism wanting to poke around on a user's computer.