...
The use of nested class is error-prone unless the semantics are well understood. A common notion is that only the outer class can access the contents of the nested inner class(es). Not only does the nested class have access to the private
fields of the outer class, the same fields can be accessed by another class in the package depending on whether the nested class is declared public
or if it contains public
methods/constructors. By default, the javac
compiler converts the accessibility of private
methods to package-private (SCP30-J. Do not define nested classes in classes containing sensitive data if the container is untrusted).
...