However, JavaScript objects can be instantiated from or have their state updated by JSON input very
easily. If you manipulate the state of in-memory objects from untrusted input, you need to be
very careful what properties on the JavaScript object can be manipulated.