The class java.lang.invoke.MemberName.Factory is public but should not. It's not a big issue because the compiler will reject any attempt to access to this class because java.lang.invoke.MemberName is package visible and any forged code will need to find an instance of this class which is not easy. Rémi