Here are some comments from Dennis, which should help convince the customer of the trade offs and risks if such a thing is implemented:
1. If we create a file trusted.resources under C:\Program Files\Java\jre6\lib\security:trusted.file.extensions=.gif,.jpg,.png,
this file located inside JRE install directory, and it is not easy for Administrator to change it for each individual user.
2. Controling the file by extension name is risky, attacker can just rename their file to those extension to bypass our mixed code restricition.
As Jeff already mentioned, this is not a bug. The customer can file an RFE, however, considering the risks involved, no assurance can be made regarding implementation of such a feature.