Dear EG Members, I think the main problem here is that core reflection has become too restrictive. Reflection should be "magical" and have no knowledge of any kind of module and/or visibility boundaries. If you really want to control what can be reflected upon, that should be done via the Policy file of the Security Manager. This proposal is trying to hack out-of-the-box created by too strict of a design. It is very awkward to denote which packages must be reflectable ahead of time --- how can you figure that out?? The consumers who are doing the reflection are innumerable. I'd go as far to say it's it's impossible to devise a preemptive comprehensive strategy that may satisfy the kinds of tooling in the wild. It's best just to open up reflection so it can continue doing what it always has done well: let me see anything I want unless the Security Manager says no. Cheers, Paul