> There is a risk that existing users were relying on current behavior > to not send sensitive data in final fields across the wire
Agreed, that is the worst case scenario. > such as the serialization policy file. Yeah, my concern would be that the policy file is still somewhat optional, right? At least personally I end up occasionally using the legacy policy because I don't keep policy files across builds. I suppose we could use the policy file if available, otherwise default to the existing behavior. - Stephen -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
