You do raise a valid point but I'll hope you'll notice that I never said "don't validate your data". I was just trying to illustrate an idea. Anyhow, I do agree, not about the validation but about "this is an idea that is full of danger". While I completely agree that this is a horrible model for a banking web app, I still think it could be slick for something like a recipe database that accepts user submissions. I mean really, what's the difference between an object using methods to validate and store a new recipe versus using the traditional posted form data?

I hate to reply to myself but I have to agree with the Anonymous Monk Who Is Wiser Than Me. On reflection, creating objects from JSON is just way too risky. All it takes is one little slip and the attacker has managed to add code to your object and then it's game over. It's sad, I think my idea has a certain beauty, but the dangers are huge.