> In SecureSqueak, direct invasive object access using basicAt:put:,
> at:put: and so forth will be disallowed.

I've always wondered what good this would do, blocking particular
kinds of object-access api's.  Couldn't an attacker easily just
(mis)use whatever legal-api to wreak havoc anyway?