The Serializable interface provides a way of sending objects to streams; these streams can be later saved as files on the user’s disk. What effect could this have on Java’s security?
What happens if you serialize an object, alter the object’s class and try to read it back?