Well,
this is an old issue that sometimes comes back.
Here we are speaking of Sun Microsystems specifications and not implementation of them: if you want to build a portable enterprise application,
you should follow the specs, and not try-and-error with a specific application server.
However, the specs say that the property fields must be private, protected or package visibility, but don't say what should happen if you set them public. Probably, your app server decided to accept public modifiers for instance variables.
Finally, for what concerns making your primary key serializable, I don't know Manning book, but it might be a mistake.