W.r.t. class loader related change in JDK 9, you are probably safe if you don't depend on the internal implementation. JEP 220  documents the compatibility risks due to the Modular Runtime Image change. A few things worth mentioning:
- the built-in classloader may not be URLClassLoader as this bug reports.
- Custom class loader with null parent
It is the implementation detail if system classes are loaded by null or non-null class loader.
More system classes will be deprivileged. i.e. the defining class loader of system classes may be changed from the boot class loader to the extension class loader. Any custom ClassLoader delegates to null as the parent class loader may run into ClassNotFoundException.  is one example.
 tools.jar no longer exists in JDK 9. All JDK classes are linked into the modular runtime image and visible to the system class loader. it's not uncommon for existing code to create a URLClassLoader to find classes from tools.jar. It will run into CNFE if such URLClassLoader delegates to null. That will be impacted.