...
The severity of violations of this rule depend on the nature of the potentially dangerous operations performed. If only mildly dangerous operations are performed, the risk might be limited to denial-of-service (DoS) attacks. At the other extreme, remote code execution is possible is if attacker-supplied input is supplied to methods such as Runtime.exec (either directly or via reflection).
...