All applications have the exitVM permission by default whether or not the policy file grants it. This can lead to a denial of service attack when downloaded code is run by the application.