And compare this with serialize()/unserialize()

If it varies between php versions, document that.

Add unit tests that properties get unserialized properly for the safe cases.

• They're all unsafe (no fallback to protected/private/public with same name at the moment)