Why such a rule for EJB?

Section 24.1.2 of the ejb spec says:
****
The enterprise bean must not attempt to query a class to obtain info about the declared members that are not otherwise accessible to the ejb because of the security rules of java lang. The ejb must not attempt to use the Reflection API to access info that the security rules of the java prog
lang make unavailable.
****
Does the above implies that ejb's environment do allow the above to be done and the spec need to explicitly prohibit it? I suppose ejb is not able to do what a normal java program already not able to do.
Anyone can clarify?

I do not know. But I have noticed that the remote home interface EJBHome has the method

EJBMetaData getEJBMetaData(),
but the local home interface EJB does not have it. In one of the EJB Books, it is mentioned that you can use reflection for local interfaces and cannot for remote interfaces!.....But in the programming restrictions of the EJB Spec, it's been mentioned that reflection shouldn't be used......