...
- it sufficiently documents that callers must not pass objects of this class to untrusted code,
- trusted callers do not use the class does not invoke methods on objects of any untrusted classes that violate this guideline directly or indirectly,
- the synchronization policy of the class is properly documented. Classes that claim to support client-side locking should be used with care.
...