Putting the IP address of the database server is preferred; localhost should only be used for quick & dirty local tests. It's unlikely that you'll deploy an app or database on localhost.
This is a very bad idea. No applet should have direct access to a database from the internet. All that data is exposed.
A better idea is to put a servlet in-between the applet and database. Deploy the servlet by exposing it to the internet; put the database behind a firewall and only open its port to the servlet. Let the servlet handle authentication, validation, binding, and interacting with the database. Users will be much better off with this design.