Note that a nonzero-length array is always mutable, so it is wrong for a class to have a public static final array field, or an accessor that returns such a field. If a class has such a field or accessor, clients will be able to modify the contents of the array. This is a frequent source of security holes:
Hmm, what about Enum's `public static T[] values()`? I just realized there's no JavaDoc for that method...
Does that vend a copy (I never thought about using `values()` as having a performance implication)? Even the JLS doesn't say.
