No longer early access, but this still seems the appropriate place for this discussion ...
I see from examining a process with visual VM that Java 9 webstart applications are run with a non-default set of access permissions. Specifically
--ilegal-access=deny
is included, whilst the default for the normal Java 9 runtime is
--illegal-access=permit
I don't have a problem with the different options for web start, but where is this documented?
Richard