The problem was that the applet was not being deployed as a JNLP applet. A security fix was introduced in 7u25
that was intended to prevent the re-purposing of a JNLP applet via the legacy <applet/>
tag deployment mechanism. This exception indicates that that security fix has been tripped.
The work-around is either to always deploy your applets as JNLP applets, or to use a different variant of the JAR file that does not contain a JNLP-INF
directory.
Note that you may also see this variant if you're signing the JNLP itself rather than a template:
java.lang.SecurityException: JAR should not contain JNLP-INF/APPLICATION.JNLP