Hi Martin,

Running Tomcat standalone isn't necesarily insecure. But there are features that you may want, that are supported by Apache and other Web servers, but not Tomcat. Check out this short thread from the tomcat-users mailing list: <http://www.mail-archive.com/users@tomcat.apache.org/msg36248.html>.

Joseph.