...
EX1: It is allowable to forgo defensive copying using the clone() method in cases where the (non-system) class can be subclassed by untrusted code. This is because malicious code may return a crafted object when the object's clone() method is invoked.
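The following is an added illustration of this exception, not code from the original page. `Interval`, `AliasingInterval`, `LIMIT` and the two copy helpers are hypothetical names; the example contrasts a clone()-based copy with a copy built from the known base class.

```java
// Added illustration; every class and method name here is hypothetical.
public class CloneCopyDemo {
    // Non-final, mutable, non-system class: untrusted code can subclass it.
    static class Interval implements Cloneable {
        private long end;
        Interval(long end) { this.end = end; }
        long getEnd() { return end; }
        void setEnd(long end) { this.end = end; }
        @Override public Interval clone() {
            try { return (Interval) super.clone(); }
            catch (CloneNotSupportedException e) { throw new AssertionError(e); }
        }
    }

    // Stand-in for a subclass supplied by untrusted code: clone() hands back
    // the same instance, so the "copy" stays aliased to the caller's object.
    static class AliasingInterval extends Interval {
        AliasingInterval(long end) { super(end); }
        @Override public Interval clone() { return this; }
    }

    static final long LIMIT = 100;

    // Copy via clone(): the overriding method decides what object is stored.
    static Interval copyWithClone(Interval in) {
        Interval copy = in.clone();
        if (copy.getEnd() > LIMIT) throw new IllegalArgumentException("end too large");
        return copy;
    }

    // Copy by constructing the known base class, then validate the copy itself.
    static Interval copyWithConstructor(Interval in) {
        Interval copy = new Interval(in.getEnd());
        if (copy.getEnd() > LIMIT) throw new IllegalArgumentException("end too large");
        return copy;
    }

    public static void main(String[] args) {
        Interval a = new AliasingInterval(50);
        Interval viaClone = copyWithClone(a);
        a.setEnd(10_000); // caller mutates after validation
        System.out.println("clone copy aliased: " + (viaClone == a) + ", end=" + viaClone.getEnd());

        Interval b = new AliasingInterval(50);
        Interval viaCtor = copyWithConstructor(b);
        b.setEnd(10_000); // same mutation; the stored copy is a separate object
        System.out.println("ctor copy aliased: " + (viaCtor == b) + ", end=" + viaCtor.getEnd());
    }
}
```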
...