user3957847 wrote:You don't have to. It's called by a lot of key methods in the core API, and the user can decide to put security policies in place.
Ok, but say I'm a malicious programmer: I'll NEVER introduce security manager in my code!
Or, if I introduced it, I'd allow every malicious operation I'll want to do..You don't make that call. The user does, with his policy configuration.