An organization that signs its code must not vouch for code acquired from a third party without carefully auditing it. When signing privileged code, ensure that the code is confined to the same package (ENV01-J. Place all privileged code in a single package and seal the package). Likewise, any code that is called from the privileged code must also be bundled in the same package. Non-privileged code can be left unsigned, which restricts it to the sandbox. Additionally, any code that is incomprehensible or unaudited must not be signed (SEC17-J. Create and sign a SignedObject before creating a SealedObject).
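The packaging rules above can be checked on a built JAR before release. The following is an added example, not code from the guideline itself; the class name `PrivilegedJarAudit` and the package name passed on the command line are hypothetical, and treating signed classes outside the privileged package as a finding is an assumption about how a team might apply the rule.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.*;
import java.util.jar.*;

public class PrivilegedJarAudit {
    // Returns a list of findings; an empty list means the JAR passed every check.
    static List<String> audit(String jarPath, String privilegedPackage) throws IOException {
        List<String> findings = new ArrayList<>();
        String dir = privilegedPackage.replace('.', '/') + "/";
        try (JarFile jar = new JarFile(jarPath, true)) {      // true = verify signatures
            Manifest mf = jar.getManifest();
            if (mf == null) { findings.add("no manifest"); return findings; }
            // A per-package Sealed attribute overrides the main-section default.
            Attributes pkg = mf.getAttributes(dir);
            String sealed = pkg != null ? pkg.getValue(Attributes.Name.SEALED) : null;
            if (sealed == null) sealed = mf.getMainAttributes().getValue(Attributes.Name.SEALED);
            if (!"true".equalsIgnoreCase(sealed)) findings.add("package not sealed: " + privilegedPackage);

            byte[] buf = new byte[8192];
            for (JarEntry e : Collections.list(jar.entries())) {
                String name = e.getName();
                if (e.isDirectory() || name.startsWith("META-INF/")) continue;
                // Signers are only populated after the entry is read to the end;
                // a modified entry makes read() throw SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = e.getCodeSigners();
                boolean signed = signers != null && signers.length > 0;
                // Sealing is per package, so subpackages do not count as privileged.
                boolean privileged = name.startsWith(dir) && name.indexOf('/', dir.length()) < 0;
                if (privileged && !signed) findings.add("unsigned privileged class: " + name);
                if (!privileged && signed) findings.add("signed code outside privileged package: " + name);
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: PrivilegedJarAudit <jar> <privileged.package>");
            System.exit(2);
        }
        List<String> findings = audit(args[0], args[1]);
        findings.forEach(System.out::println);
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

The check confirms that signatures are present and intact but says nothing about who signed; signer identity still has to be validated against the organization's own certificate.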
