My opinion is that the absence of explicit security means you are not granted access, hence the jboss behavior of using excluded as the default. Don't rely on defaults if you want portability. Explicitly mark the methods unchecked or excluded as required.
thanks for the response. After some investigation in the sources I figured that myself. I logged the issue a bit hastily as a bug - appologies for that. I lowered its severity.