This book has had some well-known security and Java folks give it praise, but I am less enthusiastic about the book. On the upside, the book was prepared in 1996, making it an early entry. It also explains enough for the reader to understand the security holes without being a complete recipe for exploiting the weaknesses. The information presented is something that anyone who cares about Java should read, and it is not expensive.
My complaint is that the book is short, with lots of white space and too many repeats of phrases. It seems to be a few good papers stretched into a small book. There are only six chapters, a FAQ, and reproductions of a few CERT advisories. It is not an in-depth look at Java security. I am sure that the authors have much more to give than appears here. The book is still worth reading because the information is useful and it is well written; just understand that it is limited in scope. Since the information is about two years old, it is somewhat dated. All of the problems mentioned have been, or should have been, fixed; for example, at the time of the research Netscape was only at around 2.0. The embedded Java has been improved.
The biggest problems with Java are not the bugs in the code, but rather the design problems. The book describes the security architecture problems with reasonable suggestions for improvement. There is much to be done with respect to formal verification, and there is much underway. Until some of the work on the security and cryptography aspects of Java is completed and matured, electronic commerce will not advance as it should. Java is necessary for it, but it must be Java that provides confidence. I am glad these guys are helping out.