Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
Extended description
The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.
Best practices to prevent this CWE
Phase: Architecture and Design; Implementation
Data should be private static and final whenever possible. This will assure that your code is protected by instantiating early, preventing access and tampering.
Reliance on Package-level Scope
