Could someone please address/elucidate regarding the design goal to solve this issue with the Module Descriptor over the Security Manager? We already can restrict reflection with the Security Manager in today's world. Conceptually speaking, it seems like one stone throw away to restricting reflective access to non-exported types. All this contention with reflection can evaporate with it, too. I don't get why that isn't appealing. Some people on the list have stated a similar agreement, but I don't think anyone has given a clear objection to giving the Security Manager this responsibility.
