...

More information on correctly handling singleton classes is available in rule MSC16-J. Address the shortcomings of the Singleton design pattern.

...

Note that the class must also be declared final to prevent a malicious subclass from carrying out a finalizer attack. (See rule OBJ05-J. Prevent access to partially initialized objects.) For extendable classes, an acceptable alternative is the use of a flag that indicates whether the instance is safe for use. The flag must be set only after validation has succeeded and must be checked in every method before any operation is performed.
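The following is an added illustration of the flag-based alternative described above; it is not code from the CERT rule page. The class, field and method names (SafeResource, initialized, getConfig, checkInitialized) are assumptions chosen for the example.

```java
// Added example: an extendable (non-final) class that guards itself with an
// "initialized" flag so that a partially constructed instance, for example one
// reached through a finalizer attack, cannot be used.
public class SafeResource {
    // volatile so that any thread observing the object sees the flag's
    // final value only after the constructor has completed validation.
    private volatile boolean initialized = false;
    private final String config;

    public SafeResource(String config) {
        if (config == null || config.isEmpty()) {
            // Throwing here leaves the flag false: the object stays unusable
            // even if a subclass later obtains a reference to it.
            throw new IllegalArgumentException("config must not be empty");
        }
        this.config = config;
        // Set the flag as the very last step, after all validation succeeded.
        this.initialized = true;
    }

    // Every operation checks the flag before touching state.
    public String getConfig() {
        checkInitialized();
        return config;
    }

    public int configLength() {
        checkInitialized();
        return config.length();
    }

    private void checkInitialized() {
        if (!initialized) {
            throw new SecurityException("SafeResource is not fully initialized");
        }
    }

    public static void main(String[] args) {
        SafeResource ok = new SafeResource("mode=strict");
        System.out.println(ok.getConfig()); // prints mode=strict
        try {
            new SafeResource("");             // validation fails, flag never set
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A subclass that overrides finalize() and calls getConfig() on an instance whose constructor threw receives a SecurityException instead of access to the object's state.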

...

Note that this compliant solution is insufficient to protect sensitive data. See rule SER03-J. Do not serialize unencrypted, sensitive data for additional information.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

...