I wrote a question to Nokia: Janne Jalkanen regarding this, and I think it might be useful for other developers to know =)
I’m wondering is if there is any way of assure that a Java Card Applet in the secure element only can be used by a single specific MIDlet, some sort of way to control that no other MIDlet can access or use the Java Card Applet stored in the Secure Element.
Answer, From Janne Jalkanen:
The SE itself is paranoid and treats all accesses equally. So it cannot be limited to a single application.
The only way you could do this is to implement a secure authentication protocol between your own applet and your own midlet - but be aware that if you include the keys in the midlet, they might be compromised e.g. with a debugger.
So the most secure way is to use your midlet as a conduit between the applet and a remote web server, which can securely store the keys and communicate using encrypted connections to the applet.