...
After a serializable class is exported, attempts to refactor its code can easily run into the sandbecome burdensome. Specifically, the old serialized form (encoded representation) has to be continually supported as it is part of the published API. This can be very troublesome from the a security perspective, as it not only promotes dead code but also burdens the provider who has to eternally maintain the existing codebase.
...
Ideally, implement Serializable only when the class is not expected to evolve frequently. One way to maintain the original serialized form, at the same time allowing the class to evolve is to use custom serialization with the help of serialPersistentFields. The static and transient fields allow you to specify what should not be serialized whereas the serialPersistentFields field specifies what should be serialized. It also relieves the class from defining the serializable field within the class implementation, thus decoupling the current implementation from the logic. New fields can easily be added without breaking compatibility across releases.
...