How Dangerous is it to run PEE Mail?

You might have read a lot about Java in the news and particularly the dangers involved of running Java programs. However, these claims are frequently lurid and out of context. Let me try to shed some more light on this. There are two main categories of programs nowadays, so called "web applications" and "desktop applications".
Desktop Applications

If you download and install a program, for instance by running a setup.exe, this is most likely a desktop application. Such an application will run without any limitations on your computer and it can do whatever it wants to do, because you've installed it! If you do the same with a Java application, the situation will be the same. The Java program will have the same permissions to run as any other software and it can do both harm and good. In fact, Java would be less bad than native applications, because a user could use so called policy files to restrict any Java application in its capabilities. Unfortunately, SUN created that feature so complicated to use that in practice no average user will ever be able to use it...
Web Applications

Web applications are programs that get distributed and started over the Internet. Well known frameworks are for instance Adobe Flash, Microsoft Silverlight, Java Applets or simply HTML5/Java-script running in a web browser. A web application has a lot less permissions than a desktop application and it normally runs in a "Sandbox", i. e. such an application has only very limited access to your computer or the Internet.
Java Web Start Applications

A Java Web Start application on the other hand is a very special case. It can be both, a web application and a desktop application. JWS is just a mechanism to distribute software and updates. A Java Web Start application will run in a sandbox like a web application if the user grants only very limited permissions. If an application requests full permissions (like the PEE client) it will act like a desktop application.
However, A JWS application has to be digitally signed without exemption. Which means that you as a user exactly knows who authored a program and who you can hold accountable for it.

And this is where it all ends: you need to trust the author of a program if you want to use it. So if you want to use PEE Mail, you need to trust me that I won't do anything bad. If you want to use for instance the FireFox browser, you'll have to trust the Mozilla Team and so on. However, if you don't trust the author of a program, there is only a last resort:
Compiling from Source

If you are one of those guys who are really paranoid and you don't trust anyone, your best bet is possibly to download the source code and to compile it yourself. You'll find the source code for the PEE project in the protocol section of this page. This solution is only suitable for people who know how to compile and run Java code.