In C#, if I want to serialize an instance with XmlSerializer, the object's type doesn't have to be marked with the [Serializable] attribute. However,
This is because XmlSerializer only serializes public fields/properties. Other forms of serialization can serialize private data, which constitutes a potential security risk, so you have to "opt in" using an attribute.
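
The difference described above, as an added example that is not part of the original answer. The `Account` type and its values are constructed for illustration, and `DataContractSerializer` is used here as one instance of the "other forms of serialization" that read fields on a `[Serializable]` type.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Text;
using System.Xml.Serialization;

// Constructed sample type. [Serializable] is the opt-in: it tells
// field-based serializers they may read this type's private state.
[Serializable]
public class Account
{
    public string Owner = "alice";
    private string apiToken = "constructed-sample-token";
    // Private state that must never leave the process is excluded explicitly.
    [NonSerialized] private string sessionKey = "constructed-session-key";
}

public static class Program
{
    // XmlSerializer walks public fields and properties only,
    // and ignores [Serializable] entirely.
    static string ViaXmlSerializer(Account a)
    {
        var sw = new StringWriter();
        new XmlSerializer(typeof(Account)).Serialize(sw, a);
        return sw.ToString();
    }

    // For a [Serializable] type, DataContractSerializer writes every field,
    // public or private, except those marked [NonSerialized].
    static string ViaDataContractSerializer(Account a)
    {
        using (var ms = new MemoryStream())
        {
            new DataContractSerializer(typeof(Account)).WriteObject(ms, a);
            return Encoding.UTF8.GetString(ms.ToArray());
        }
    }

    public static void Main()
    {
        var a = new Account();
        foreach (var output in new[] { ViaXmlSerializer(a), ViaDataContractSerializer(a) })
        {
            Console.WriteLine(output);
            Console.WriteLine("  contains apiToken:   " + output.Contains("apiToken"));
            Console.WriteLine("  contains sessionKey: " + output.Contains("sessionKey"));
        }
    }
}
```

When reviewing a type that carries `[Serializable]`, treat every private field without `[NonSerialized]` as data that can end up in the serialized output.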