...
- it does not not pass objects of this class to untrusted code by using suitable encapsulation
- it does not use any untrusted classes that violate this guideline directly or indirectly
EX2: If a superclass of the class documents that it supports client-side locking and synchronizes on its class object, the class should also support client-side locking in the same way. If not, it should document its inconsistent locking policy.
Risk Assessment
Exposing the class object to untrusted code can result in denial-of-service.
...