Please correct me if I'm mistaken, but my impression from the Seam Reference document is that if you enable Seam Remoting then any Entity bean that you've given a Seam @Name has it's data model exposed. Let's say you have a large corporation and a developer uses a wonderful IDE wizard to turn their database model into a package of easy to use Seam-enabled entities. Next the developer enables Seam Remoting to use an @WebRemote enabled session bean. Any competitor to said large corporation can search javascript segments for Seam.Component.newInstance() methods, call out to the Seam Remoting URL garner information about the entities and reverse engineer a data model. It is clear that session beans require @WebRemote annotation. Why are entity beans automatically exposed without such an annotation? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971389#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...