...
The data members of class coordinates are declared as private. the The saveState and readState methods are used for serialization and de-serialization respectively. The coordinates (x,y) that are written to the data stream are now susceptible to malicious tampering.
...