...
Overriding thread-safe methods with methods that are not thread-safe is not, in itself, an error. However, it is disallowed by this guidelinerule, because it may easily result in errors that are difficult to diagnose.
The locking strategy of classes designed for inheritance should always be documented. This information can subsequently be used to determine an appropriate locking strategy for subclasses (see guideline rule LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code).
...
This compliant solution does not violate guideline rule LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code because the accessibility of the class is package-private. That type of accessibility is allowable when untrusted code cannot infiltrate the package.
...
This noncompliant code example defines a doSomething() method in the Base class that uses a private final lock, in accordance with guideline rule LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.
...
Any vulnerabilities resulting from the violation of this guideline rule are listed on the CERT website.
...