...
A field that is declared public may be directly accessed by any part of a Java program and may be modified from anywhere in a Java program (unless the field is declared final). Clearly, sensitive information must not be stored in a public field, as it could be compromised by anyone who could access the JVM running the program.
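The difference in code, as an added example that is not part of the original text; the class names, field names and values are hypothetical. It goes slightly beyond the paragraph by showing that a `public final` array field still has writable elements, so `final` alone does not protect the data.

```java
import java.util.Arrays;

// Added illustration: all names and values here are hypothetical/constructed.
public class PublicFieldDemo {
    public static void main(String[] args) {
        ExposedAccount exposed = new ExposedAccount();
        // Any other class loaded in the same JVM can do the following.
        String leaked = new String(exposed.pin);   // read the secret
        exposed.owner = "mallory";                 // reassign a non-final field
        exposed.pin[0] = '0';                      // final reference, mutable elements
        System.out.println("exposed: leaked=" + leaked + ", owner=" + exposed.owner
                + ", pin=" + new String(exposed.pin));

        char[] supplied = {'4', '2', '4', '2'};
        GuardedAccount guarded = new GuardedAccount("alice", supplied);
        Arrays.fill(supplied, '0');                // caller wipes its own copy
        System.out.println("guarded: owner=" + guarded.owner()
                + ", matches=" + guarded.pinMatches(new char[] {'4', '2', '4', '2'}));
        // guarded.pin and guarded.owner are private: referencing either field
        // from this class is a compile-time error.
    }
}

// Before: sensitive state held in public fields.
class ExposedAccount {
    public String owner = "alice";
    public final char[] pin = {'4', '2', '4', '2'};
}

// After: private final state, a defensive copy, and no accessor for the secret.
final class GuardedAccount {
    private final String owner;
    private final char[] pin;

    GuardedAccount(String owner, char[] pin) {
        this.owner = owner;
        this.pin = pin.clone();   // keep no alias to the caller's array
    }

    String owner() { return owner; }   // String is immutable, safe to return

    boolean pinMatches(char[] candidate) {
        return Arrays.equals(pin, candidate);   // answers yes/no, never returns the PIN
    }
}
```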
Java software components provide many opportunities to output sensitive information. Rules that address the mitigation of sensitive information disclosure include:
...