== Ask Yourself Whether

* The data validation implemented in constructors enforces a relevant security check.
* Objects instantiated via deserialization don't run the same security checks as the ones executed when objects are created through constructors.

There is a risk if you answered yes to any of those questions.