...
For example, the JVM normally protects private members of a class from being accessed by an object of a different class. When a method uses reflection to access class members (that is, uses the APIs belonging to the java.lang.reflect package), the reflective access is subject to the same restrictions. That is, a foreign object that cannot normally access private members of a class also cannot use reflection to access those members. However, a class with private members that also has a public method that uses reflection to indirectly access those members can enable a foreign object to access those private members through the public method, bypassing the expected accessibility restrictions. Consequently, unwary programmers can create an opportunity for a privilege escalation attack by untrusted callers.
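The behaviour described above, as an added example that is not part of the original text: a foreign class is refused direct reflective access to a private field, but reads it through a public reflective method. The names `Account`, `getFieldUnsafe`, `getFieldChecked` and the allow-list are assumptions made for illustration, and the allow-list is only one possible way to close the gap.

```java
import java.lang.reflect.Field;
import java.util.Set;

public class ReflectionAccessDemo {
    public static void main(String[] args) throws Exception {
        Account a = new Account();

        // Foreign caller using reflection directly: the JVM applies the normal
        // access check against this class, so the private field is refused.
        Field f = Account.class.getDeclaredField("secret");
        try {
            f.get(a);
            System.out.println("direct reflection: allowed");
        } catch (IllegalAccessException e) {
            System.out.println("direct reflection: refused");
        }

        // Same field through Account's public reflective method: the access
        // check is made against Account, so it passes.
        System.out.println("unsafe wrapper: " + a.getFieldUnsafe("secret"));

        System.out.println("checked wrapper: " + a.getFieldChecked("owner"));
        try {
            a.getFieldChecked("secret");
        } catch (IllegalAccessException e) {
            System.out.println("checked wrapper: " + e.getMessage());
        }
    }
}

// Constructed sample class; "secret" is meant to stay private.
class Account {
    private String owner = "alice";
    private String secret = "constructed-sample-value";
    private static final Set<String> EXPOSED = Set.of("owner");

    // Weak: caller-chosen field name, looked up with Account's own access rights.
    public Object getFieldUnsafe(String name) throws ReflectiveOperationException {
        return Account.class.getDeclaredField(name).get(this);
    }

    // Hardened (one option, an assumption of this example): only fields the
    // class deliberately exposes can be named by the caller.
    public Object getFieldChecked(String name) throws ReflectiveOperationException {
        if (!EXPOSED.contains(name)) {
            throw new IllegalAccessException("field not exposed: " + name);
        }
        return Account.class.getDeclaredField(name).get(this);
    }
}
```

`Account` is declared as a separate top-level class on purpose: a nested class would share private access with its enclosing class, and the direct reflective read would then succeed.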
...