...
- it sufficiently documents that callers must not pass objects of this class to untrusted code,
- trusted callers do not use any untrusted classes that violate this guideline directly or indirectly,
- the synchronization policy of the class is properly documented. Classes that claim to support client-side locking should be used with care.
A client may use a class that violates this guideline, if all the following conditions are met:
...