Some Java books show RMI code in which the security manager is set to RMISecurityManager on the server side of an RMI application. Is there any reason to invoke RMISecurityManager on the server side of an RMI application?

There really is no reason to set the security manager to RMISecurityManager if an RMI program has a purely server role on all its communication links. RMISecurityManager (and user-defined security managers obtained by extending RMISecurityManager) are for subjecting the dynamically loaded classes by a client application to security control. If a client does not need to dynamically load any classes from a server (or any other remote source), there is no reason to use RMISecurityManager on the client side either.