Re: Security? We've heard of it
Never heard of a JavaCard "cardlet" (it's certainly not the English term), but I do know that each and every applet extends the javacard.framework.applet class... hence the name.
Again, it is not Java, it is JavaCard, and the VMs are constructed to cater for the vulnerabilities inherent in off-card verification and on-card execution. These smartcards undergo extensive evaluation before being allowed to host credit/debit applications.
This is money we are talking about - don't you think that Visa and MasterCard might have a vested interest in making the system a bit more secure than leaving the bank vault door unlocked?