By Apple specs., when a class support NSSecureCoding, it should use
decodeObjectOfClass:forKey:
in it's initWithCoder
but as the dictionary has no clue about it's content, how can it support secure coding?
in contrary to a custom object, where the property classes are known
According to this answer Foundation containers (Array, Dictionary, Set, others …?) aren't really as secure as one would think. Apparantly only known foundation classes are deemed secure, which means the default implementation won't allow storing custom objects when using NSSecureCoding.
The most important quote:
[...] if you use NSArray() or other collection classes directly in your coding, you need to check what you got back. They are ‘securely’ decoded to the extent that Apple believes decoding them will not result in a buffer overflow etc, that’s all you get by default. [...]