...

Refer to the guideline SEC08-J, "Enforce security checks in code that performs sensitive operations," to learn how to implement the performSecurityManagerCheck() method. As with SER04-J, "Validate deserialized objects," it is important to protect against the finalizer attack.
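The following class is an added illustration, not code from the guideline: a hypothetical SensitiveRecord whose constructor, writeObject() and readObject() all run the same performSecurityManagerCheck(), and whose finalize() is final so a subclass cannot capture a partially deserialized instance when that check throws. The permission name is a placeholder, and note that SecurityManager is deprecated for removal in current JDKs, so this pattern applies to code bases that still run under one.

```java
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Hypothetical example class (not from the guideline): the serialized form is
// guarded by the same check the constructor performs.
public class SensitiveRecord implements Serializable {
    private static final long serialVersionUID = 1L;

    // Placeholder permission name; a real class would use a permission that is
    // meaningful under its own security policy.
    private static final RuntimePermission ACCESS =
        new RuntimePermission("example.sensitiveRecordAccess");

    private final String secret;

    public SensitiveRecord(String secret) {
        performSecurityManagerCheck();
        this.secret = secret;
    }

    // Throws SecurityException when a SecurityManager is installed and the
    // caller lacks ACCESS; does nothing when no SecurityManager is present.
    private static void performSecurityManagerCheck() {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(ACCESS);
        }
    }

    // Serialization repeats the constructor's check, so writing the object
    // out does not bypass the Security Manager.
    private void writeObject(ObjectOutputStream out) throws IOException {
        performSecurityManagerCheck();
        out.defaultWriteObject();
    }

    // Deserialization repeats it as well; the check runs before any field is
    // populated from the stream.
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        performSecurityManagerCheck();
        in.defaultReadObject();
    }

    // Declared final so a malicious subclass cannot override finalize() to
    // obtain the partially deserialized instance after readObject() throws
    // (the finalizer attack). Making the whole class final would also work.
    @Override
    @SuppressWarnings("deprecation")
    protected final void finalize() { }
}
```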

Risk Assessment

Allowing serialization or deserialization to bypass the Security Manager may result in sensitive data being exposed or modified.

...