the arquillian validator seem to be running automatically and without a controlling security manager.

With that behavior we are vunerable to file deletions, system exits and malicious code.

Just try adding this to a @Deployment method:

System.exit(0);

or even worse file deletions.

This is not okey - we need next release to not allow this to happen.