...
- it sufficiently documents that callers must not pass objects of this class to untrusted code,
- trusted callers do not use any untrusted classes that violate this guideline directly or indirectly,
- and, the synchronization policy of the class documents proper usage of its intrinsic lock, that is, when external classes may use the intrinsic lock, and when they may not.is properly documented
Risk Assessment
Exposing the class object to untrusted code can result in denial-of-service.
...