JMX/RMI offer a rather large attack surface on the JVM and has been source of critical vulnerabilities. We should disable it by default.