Mutable classes allow code external to the class to alter their instance or class fields. Provide means for creating copies of mutable classes so that 'disposable' instances of such classes can be passed to untrusted code. This functionality is useful when methods in other classes need to create copies of the particular class instance; see guidelines rules "FIO00-J. Defensively copy mutable inputs and mutable internal components" and "OBJ09-J. Defensively copy private mutable class members before returning their references" for additional details.
...
When untrusted code can call accessor methods passing mutable arguments, create defensive copies of the arguments before they are stored in any instance fields. See guideline rule "FIO00-J. Defensively copy mutable inputs and mutable internal components" for additional information. When retrieving internal mutable state, make a defensive copy of that state before returning it to untrusted code. See guideline rule "OBJ09-J. Defensively copy private mutable class members before returning their references" for additional information.
...
OBJ08-EX1: Sensitive classes should not be cloneable, per guideline rule "OBJ03-J. Sensitive classes must not let themselves be copied."
...