A mechanism for securely decompiling representations of objects into copies of the objects is described. A virtual machine may include extensions for decompiling data representation language representations of objects into objects. The decompiler API may accept a data stream, which includes a representation of the object, and output a copy of the object. In one embodiment, during the decompilation of the representation of objects on a client, each message may be checked to verify that the user has access rights to the object. Access right information for the object may be embedded in the message(s) containing the representation of the object. In one embodiment, when the user is done using the client, the user may log off or otherwise signal the user is finished with the client. The client may detect that the user is finished, and may then proceed to delete objects created by decompilation of representations.