The split has mainly historical reasons. Once upon a time there were export restrictions on cryptographic software in the US.
As a rule of thumb: Stuff related to signatures is found in java.security, the rest (ciphers, ...) in javax.security.
The JRE nowadays comes with the standard security provider bundled in, so JCE is part of the platform.