I have to say that I do not see where the method is serialized in the first example. When serializing, no methods are serialized; only the class name and the properties are. You can see this if you look at the serialized data.
$ser = serialize($object); var_dump($ser);
You will notice that there is no method mentioned. However, when you unserialize an object, it is recreated using the class name. Or in other words: you get a new object, but with the values that you serialized earlier.
Usually this is not as important as it seems, because usually a serialized / unserialized object should behave the same.
// serialize
class A {
    public $a = null;
    public function test () {
        echo "Hello";
    }
}

$a = new A;
echo $a->test(); // "Hello"
$x = serialize($a);

// unserialize (somewhere else, where a different class A is loaded)
class A {
    public $a = null;
    public function test () {
        echo "World";
    }
}

$a = unserialize($x);
echo $a->test(); // "World"
Here unserialize() uses the "wrong" class, and the result is different than expected. As long as you make sure there are no name conflicts, you usually don't need to think about it.
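The two points above, as an added example that is not part of the original answer: inspecting the payload shows that serialize() records only the class name and the property values, never the method bodies, and unserialize() rebuilds the object from whatever class definition is loaded at that moment. The class, property names and values are made up for illustration; the `allowed_classes` option is the real PHP 7+ unserialize() option for restricting which classes may be instantiated.

```php
<?php
// Added example, not part of the original answer. Demonstrates that
// serialize() carries no code (only class name + properties) and that
// unserialize() rebuilds the object from the class definition loaded here.
// Class name, property names and values are constructed for illustration.

class A {
    public $a = null;
    protected $note = 'kept';   // protected/private properties are serialized too
    public function test() {
        return "Hello";
    }
}

// Serialize an object and print the raw payload so it can be inspected.
function dumpPayload(object $obj): string {
    $ser = serialize($obj);
    var_dump($ser);
    return $ser;
}

// True if the payload mentions the given string anywhere. Used to show that a
// method name never appears: PHP's format carries data, not code.
function payloadMentions(string $ser, string $needle): bool {
    return strpos($ser, $needle) !== false;
}

$a = new A;
$a->a = 42;
$ser = dumpPayload($a);

// Only "A", "a", "note" and their values are in the payload; "test" is not.
var_dump(payloadMentions($ser, 'test'));

// Restrict which classes unserialize() may instantiate (PHP >= 7.0).
// With A on the allow list, the object is rebuilt from the A loaded here,
// so calling test() gives whatever this A's test() returns.
$copy = unserialize($ser, ['allowed_classes' => ['A']]);
var_dump($copy instanceof A, $copy->test());

// With no classes allowed, the data is still read back, but the result is a
// __PHP_Incomplete_Class: the property values survive, no method can be called.
$blocked = unserialize($ser, ['allowed_classes' => false]);
var_dump($blocked instanceof __PHP_Incomplete_Class);
```

Run it with `php example.php`. The first dump starts with `O:1:"A":2:{` followed by the two property names and values, and `payloadMentions($ser, 'test')` is false, which is the "no method mentioned" observation from the answer. The `allowed_classes` list is the practical guard against the name-conflict scenario in the answer: the payload can only ever be turned into objects of the classes you explicitly expect, and anything else comes back as `__PHP_Incomplete_Class` instead of an instance of whatever class happens to be loaded under that name.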