...
It if often assumed that private methods do not require any validation because they are not directly accessible from code present outside the class. This assumption is misleading as programming errors often arise as a result of legit legitimate code misbehaving in unanticipated ways. For example, a tainted value may propagate from a public API to one of the internal methods via its parameters.
...