...
The verification process is automatically initiated unless the -Xverify:none flag is specified on the command line. On Java 2 systems, classes loaded by the primordial class loader (that loads classes from the boot class path) are not required to perform bytecode verification. The verification is automatically performed when a classloader loads a class dynamically.
Risk Assessment
If the bytecode verifier is not applied to all code then code could be loaded into a java system that does not conform to the Java Language Specification. This code could bypass checks that are normally expected to be performed by Java code, thereby compromising security.
...