Problems may arise if defensive copies of untrusted method parameters are made and security decisions are based on these copies. An attacker can sufficiently bypass security checks under such circumstances. An example of an untrusted method argument is a class object that an object instance whose class provides a clone() method but which and the class itself is nonfinal.
Noncompliant Code Example
...