In order to disallow unrestricted access to some key functions, MIDP2.0 has a security domain of its own. So applications that require unrestricted access require the application to be signed by a certificate provided by an authorised issuer like Verisign, Thawte etc.
For more information, see Java Security Domains.
The functions that are restricted for the above are filesystem access (JSR-75), PIM (JSR-75), Network connection, Messaging, etc.
If your application is using any of the above API without signing the application, then a number of confirmation popups will be displayed to the user while he tries to access any of the above-defined functions from your Java ME application. This will be quite irritating to the user.