The class loading mechanism is integral to Java’s security features. Typically this integration is considered in light of the relationship between the class loader, the access controller, and the security manager. However, the class loader is important in its own right. The class loader must enforce the namespace separation between classes that are loaded from different sites (especially when these different sites are untrusted); this helps to enforce the security mechanisms of the Java language.

For sites that need a more flexible security policy, a custom class loader may be desirable. Custom class loaders allow the security policy to be modified as classes are defined; this is similar to (and compatible with) providing a new implementation of the Policy class. However, custom class loaders can bypass the policy class altogether, which means that they can define immutable security policies (though, of course, installing the class loader in the first place still requires that applications have the appropriate policy-based permissions). In certain circumstances, this is easier than modifying and installing a new Policy class.