The decision to transfer Java programs in compiled bytecode form is a questionable decision from a security standpoint. The system might be more secure if Java source code was used instead of bytecode. The use of bytecodes requires the process of bytecode verification to make sure that the bytecode does not violate the requirements of the Java language. If instead Java source code was used, the safety of the code could be ensured by interpreting the source directly or compiling the Java code locally with a trusted compiler. This would be a simpler approach, since the Java compiler is already trusted (the Java runtime system does not perform verification on local bytecodes). The addition of a program that checks if programs in another language (the bytecode) is compatible adds another point of failure to the system.
There are a number of possible reasons for using bytecode. First, it
provides a certain obfuscation, preventing reverse engineering of Java
programs. While this is certainly true, the bytecodes are not
impossible to decompile, and there are other code obfuscation
techniques that manipulate the source directly. Second, the bytecode
representation may be somewhat smaller. Currently, this is not true.
In every current example, including the entire HotJava browser source,
the source and bytecode are almost identical in size. Third, the
process of bytecode verification may be faster than the process of
compilation. Thus, the process of downloading and running programs is
less computationally intensive and provides lower latency. This
argument is fairly compelling, although the Java team has suggested
that they might eventually use a ``Just in Time'' compiler for
computationally intensive programs, suggesting the compilation is not
prohibitive.
A final
argument can be made that the bytecode verifier is a less complex
program than a full compiler, thus the verification of the
correctness is a simpler process. In fact, the compiler does not have
to be trusted since all bytecodes could be verified with the trusted
bytecode verifier (the local code could be verified only once when it
is compiled for efficiency purposes).