It occurred to me overnight that the solution I proposed in my last entry does not address the problem. The main reason is, there is nothing stopping a developer from writing a class and giving it the same package as one of my classes. As a result, that class now has access to any of the classes with the new modifier I was proposing.
But what is to stop someone writing a class and marking it as part of my module, thus granting it access to those classes I wanted to restrict access to?
I think my brain is catching up with the reason for some of the discussions I've been reading in the observer mailing list.