Calling overridable methods from the clone() method is dangerous for two reasons. First, a malicious subclass may override the method and affect the behavior of the clone() method. Second, a trusted subclass may observe the object in an uninitialized state because its construction may not have has concluded. It is possible to leave the clone as well as the object being cloned, in an inconsistent state.
...
Alternatively, it is permissible to declare the methods private or to declare the class final. Eliminating the method calls by congregating the code together is another methodalso permissible.
Risk Assessment
Calling overridable methods on the clone under construction, can leave its state or that of the object being cloned, inconsistent.
...