Also, probably due to my lack of experience with java security, I lack to see how ProtectionDomain leads to signed jars? Feels more like security manager and permissions thingie then class signer verification to me.

ProtectionDomain has a property "codesource" which contains the information in which jar the class is and the certificate if the jar is signed. Then java.lang.Classloader.checkCerts uses this "codesource" property and checks if all classes it loads, which are in the same package, have the same certs. If the ProtectionDomains don't line up then the certs won't either unless nothing is signed then it doesn't matter. This check is not affected by the SM.