Wednesday, August 26, 2009

One issue that probably bothers me more than it should is returning mutable objects out of a cache. I probably should just return a copy and not worry about it, even though I won't be modifying it. But it bothers me that all those copies get made. On the other hand, when I do find a need to modify one of those objects, I won't have to worry about remembering to make a copy then.

One of the great things about Java is that Strings are immutable. And, if I were worrying about malicious code, the String class is final, so, at least with Strings, Integers, and other primitive types and their wrappers, I don't have to worry about weird things happening. Of course, the Java platform has elaborate security management to support applets, RMI, and other mechanisms of running untrusted code.

However, when designing and implementing an API, how much should be done to protect against malicious usage? I think it's not worth it to take steps against malicious API usage, but it's worth it to think about it, because it is valuable to be able to handle possibly naive usage that might take the same path and wouldn't otherwise be anticipated.
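
The trade-off above, as an added example that is not code from the original post: a cache that hands out its mutable list directly, next to a defensive copy and a read-only view. The class, method names, and sample data are hypothetical, and it assumes Java 9 or later for `List.of`.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class CacheAliasingDemo {
    // Hypothetical cache of role lists keyed by user name (constructed sample data).
    private static final Map<String, List<String>> CACHE = new HashMap<>();

    // Returns the cached list itself: any caller mutation changes the cache.
    static List<String> getShared(String user) {
        return CACHE.get(user);
    }

    // Defensive copy: safe, but allocates a new list on every read.
    static List<String> getCopy(String user) {
        return new ArrayList<>(CACHE.get(user));
    }

    // Read-only view: no element copy, and a write attempt fails loudly.
    // Sufficient here because the elements are Strings, which are immutable.
    static List<String> getReadOnly(String user) {
        return Collections.unmodifiableList(CACHE.get(user));
    }

    public static void main(String[] args) {
        CACHE.put("alice", new ArrayList<>(List.of("reader")));

        // A naive caller treats the result as scratch space and appends to it.
        getCopy("alice").add("admin");
        System.out.println("after copy:      " + CACHE.get("alice"));

        try {
            getReadOnly("alice").add("admin");
        } catch (UnsupportedOperationException e) {
            System.out.println("read-only view rejected the write");
        }
        System.out.println("after read-only: " + CACHE.get("alice"));

        // Same naive code against the shared reference silently alters the cache
        // for every later reader.
        getShared("alice").add("admin");
        System.out.println("after shared:    " + CACHE.get("alice"));
    }
}
```

The read-only view avoids the per-read copy while still catching the naive write at the point where it happens, instead of letting it surface later as a corrupted cache entry.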
