I think the current implementation of the ClassResourceProcessor is a
The ClassResourceProcessor exposes all files in the classpath and it's
enable by default.
If you have e.g. your database passwords in properties files you just have
to know the name and path to the file and you can read the content of the
So I think it should at least be disabled by default.