consider blocking remote jar files at Low Security

Mozilla recently blocked remote jar files by default:

https://bugzilla.mozilla.org/show_bug.cgi?id=1215235

Then they had to re-enable the remote jar files again in the release, because users of IBM iNotes (some sort of webmail thing) ran into an incompatibility.

https://bugzilla.mozilla.org/show_bug.cgi?id=1255139

In any case, Mozilla's intention is to block by default again in the future. So when that happens, if not sooner, we should ensure that our security slider is not re-enabling remote jar files at Low Security.