...
It follows that unprivileged code is not required to be digitally signed and consequently should not be. This conviction adequately respects the guideline SEC00-J. Follow the principle of least privilege. For instance, unsigned applets and JNLP applications are granted the minimum set of privileges and are restricted to the sandbox.
Exceptions
ENV00-EX1: An organization that has an internal PKI and uses code signing for internal development activities (such as to facilitate code-check-in and track developers) may sign unprivileged code. This codebase should not be carried forward to the production environment. The keys used for signing must not be used to ship the products.
...