The Security Vulnerabilities of Java Serialization

It's just like, there's been so many exploits and things, you know, that are at their roots. The basic issue was that the fact that you could serialize behavior as well as data. And then you could spoof a materialized method with your own thing. People in the databases community have played with this idea for a long time because of records.