ESAPI offers a safer version of this method.
The ESAPI secure coding guidelines contain a list of banned APIs for which a safer alternative is available in ESAPI.
The list of banned and substitute API's:
Banned 001 System.out.println()
Banned 002 Throwable.printStackTrace()
Banned 003 Runtime.exec()
Banned 004 Session.getId()
Banned 005 ServletRequest.getUserPrincipal()
Banned 006 ServletRequest.isUserInRole()
Banned 007 Session.invalidate()
Banned 008 Math.Random.*
Banned 009 File.createTempFile()
Banned 010 ServletResponse.setContentType()
Banned 011 ServletResponse.sendRedirect()
Banned 012 RequestDispatcher.forward()
Banned 013 ServletResponse.addHeader()
Banned 014 ServletResponse.addCookie()
Banned 015 ServletRequest.isSecure()
Banned 016 Properties.*
Banned 017 ServletContext.log()
Banned 018 java.security and javax.crypto
Banned 019 java.net.URLEncoder/Decoder
Banned 021 ServletResponse.encodeURL
Banned 022 ServletResponse.encodeRedirectURL
Banned 023 javax.servlet.ServletInputStream.readLine
[1] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP2060.4 CAT II
[2] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 676
[3] OWASP ESAPI Secure Coding Guideline