I think the problem is accessing the field directly, even with getters/setters the field will be null.

Exactly: without bytecode enhancement, field access cannot be proxified.

Now, people could also access protected or private fields directly, but this is either clearly bad practice or advanced use.
Public fields in a data model seem to be a good practice for some people, though... And final methods are definitely a good thing, they just happen not to work well with proxies. So I think those two cases deserve a red flag somewhere.