...
Protected accessibility is invalid for top-level classes; nested classes may be declared protected. Fields of nonfinal public classes should rarely be declared protected; untrusted code in another package can subclass the class and access the member. Furthermore, protected members are part of the API of the class and consequently require continued support. When this rule is followed, there is no need to declare a field declaring fields as protected is unnecessary. OBJ01-J. Declare data members as private and provide accessible wrapper methods recommends declaring fields as private.
...
Because the class is final, the getPoint() method can be declared public. ( A public subclass that violates this rule cannot override the method and expose it to untrusted code, so its accessibility is irrelevant. ) For nonfinal classes, reducing the accessibility of methods to private or package-private eliminates this threat.
...
For any given body of code, we can compute the minimum accessibility for each class and member so that we do not introduce that avoids introducing new compilation errors. The limitation is that the result of this computation may lack any resemblance to what the designer intended when the code was written. For example, unused members can obviously be declared to be private. However, such members could be unused only because the particular body of code examined coincidentally lacks references to the members. Nevertheless, this computation can provide a useful starting point for a programmer who wishes to minimize the accessibility of classes and their members.
Related Guidelines
...