• Called within the server context so they have all the security of the server itself
• Hidden from view and transmission
• May use native security features
• Privileges of servlets can be restricted using Access Control Lists that permit only certain users or groups of users to have access to them