Problems may arise if defensive copies of untrusted method parameters are made and security decisions are based on these copies. An attacker can bypass security checks under such circumstances. An example of an untrusted method argument is an object of a class that provides a clone() method but is nonfinal.
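The following added example (not from the original page) uses `java.util.Date`, a nonfinal class with a public `clone()`, to contrast a copy made through the argument's own `clone()` with one made through a trusted constructor. The subclass `SharedDate`, the check `notInFuture`, and the timestamps are constructed for illustration.

```java
import java.util.Date;

public class DefensiveCopyDemo {
    // Constructed subclass: Date is nonfinal, so the caller decides what clone() does.
    static class SharedDate extends Date {
        SharedDate(long t) { super(t); }
        @Override public Object clone() { return this; } // hands back the caller's own instance
    }

    // Weak: the "copy" is produced by a method the untrusted argument supplies.
    static Date copyWithClone(Date untrusted) {
        return (Date) untrusted.clone();
    }

    // Hardened: read the value once and build a plain java.util.Date from it.
    static Date copyWithConstructor(Date untrusted) {
        return new Date(untrusted.getTime());
    }

    // Hypothetical security decision: accept only dates that are not in the future.
    static boolean notInFuture(Date d, long now) {
        return d.getTime() <= now;
    }

    public static void main(String[] args) {
        long now = 1_000_000L;                      // constructed timestamp
        SharedDate arg = new SharedDate(now - 1);   // passes the check when validated

        Date weak = copyWithClone(arg);
        Date strong = copyWithConstructor(arg);
        System.out.println("check on clone() copy:      " + notInFuture(weak, now));
        System.out.println("check on constructor copy:  " + notInFuture(strong, now));

        // The caller still holds 'arg' and changes it after validation.
        arg.setTime(now + 1);

        // 'weak' is the same object as 'arg', so the earlier decision no longer describes it.
        System.out.println("clone() copy aliases arg:   " + (weak == arg));
        System.out.println("clone() copy after change:  " + notInFuture(weak, now));

        // 'strong' is an independent java.util.Date and keeps the validated value.
        System.out.println("constructor copy is Date:   " + (strong.getClass() == Date.class));
        System.out.println("constructor copy unchanged: " + notInFuture(strong, now));
    }
}
```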
...