And what is the problem. If your banks are braindamaged and use an applet, you have to generally authorize them to use that piece of shit Java *once*.
My bank have BankID in sweden, but for me it's installed like a plugin in the browser (it took forever for them to make it even compatible with firefox >4). That plugin calls a standalone application, probably still java but the browser dont get to know that.
Anyway, generally warning people before loading any java applet: "This plugin is insecure" is great.
You may not like the GUI, but java is not secure, you can't say that, it just is not that.
Is the standalone application compatible with Linux and Mac?
When I load an application from my bank I assume it is secure. If the bank itself is compromised then java is the least of my problems.
Requiring permission the first time I run it is ok, but once I have authorized my bank that should be enough.