Java Applets should be rather safe, since they works in a so-called sandbox. However, the implementation of this sand box may contain errors. It is recommended to use Sun's original JVM instead of Mixrosoft's MSJVM.
ActiveX is also allowed to do almost anything on the client computer, and is a potential security risk.
Full page view
Erich Prisner, December 2004