Hi Alan,
EJB is of 3 types: Session, Enterprise and Message-Driven.
When the first version came out, you had all 3 types - where session beans would have business logic and entity beans will have persistence code. You can also use CMP (Container Managed Persistence) for Entity Beans in which case, you don't have to write the actual insert statements (the container will take care of handling persistence).
Since EJB 3.0, Entity Beans are not used or rather not called Entity Beans, but rather called JPA Entities. It is using JPA in an enterprise environment (note that you can use JPA in standalone apps too). So, technically JPA entities are the new form of Entity Beans.
The stateful and stateless stuff apply only for Session beans. Like I pointed out earlier, Session beans contain business logic which could include persisting data as well as sending a message to a queue etc.
The methods in a session bean themselves support distributed transactions (JTA) - so, if you do persistence with JPA that will be automatically included in a transaction.
Also, invocation of session bean methods can be subjected to declarative security restrictions - that is what the statement about Transactions/Security indicate.
I suggest you start with the
EJB page of the tutorial (latest version).