Advantages that motivate object-oriented programming, such as encapsulation or information hiding, modularity, and separation of concerns, correspond to security goals such as least privilege and privilege separation in capability-based programming.
[1][2] The object-capability model was first proposed by Jack Dennis and Earl C. Van Horn in 1966.
Caja and Joe-E are variants of JavaScript and Java, respectively, that impose restrictions to eliminate these loopholes.
Computer scientist E. Dean Tribble stated that in smart contracts, identity-based access control did not support well dynamically changing permissions, compared to the object-capability model.
As a consequence, these security properties can be established and maintained in the presence of new objects that contain unknown and possibly malicious code.