This article investigates the security problems raised by the use of proxy-based runtime meta-object protocols (MOPs) for Java and provides an approach for making meta-level code transparent to baselevel code, security-wise. We prove that, but giving all permissions only to the kernel of the MOP and by using Java's built-in mechanism for propagating security contexts, the permissions required by base-level and meta-level code do not interfere. We illustrate this result in the context of a simple proxy-based runtime MOP that we wrote.