Invoking overridable methods from the readObject() method can permit allow the overriding method to read the state of the subclass before it is fully constructed, because since the base class is deserialized first, followed by the subclass. Therefore readObject() must not call any overridable methods.
Also see the related guideline MET07-J. Do not invoke overridable methods in clone().
...