The Java sandbox gives an answer to the following question: Can the application do any harm to the phone or other applications in it? Java applications are run in a so-called sandbox, which means that the applications can't use any of the device's native interfaces; only the Java APIs are available. Although this is a disadvantage because software developers can't do everything with Java that they can do with C++, for example, it is primarily a benefit because they know the limits.
In MIDP, there are ways to perform some platform operations, such as making http connections or (in some MIDP 2.0 devices) making a telephone call. It is the platform's responsibility to ensure that none of these things happen without the user knowing about it. Of course, image galleries, contact lists, and calendar information are beyond the reach of developers. The benefit is that hostile applications can't steal the information and send it to Web servers.
Some device manufacturers have added proprietary interfaces for messaging, and so onand these interfaces contain a small risk. A hostile application might try and send short messages and thus increase your phone bill. Usually, the device asks before it opens a connection or does anything that might increase your phone bill.