How does installing an applet locally affect the applet security model?

If you have a user copy the class files for an applet to be loaded locally (via a file: URL instead of an http: URL), the applet security model is essentially thrown out and the applet can do anything.