This is not a security issue, but is just a matter of removing stuff that might cause future API dependencies. For example, NodeVistor enter and exit methods can be protected instead of public.