* to what extent should jpms modularity/encapsulation be enforced. many real apps today do need access to jvm private APIs sometimes and for internal/enterprise use cases you do not necessarily want to be bound by the sandbox. for example should we un-sandboxed execution for apps code signed by the company you work for?