diff --git a/app/code/core/Mage/Core/Block/Abstract.php b/app/code/core/Mage/Core/Block/Abstract.php
index 48fd19e0b58..029c8981928 100644
--- a/app/code/core/Mage/Core/Block/Abstract.php
+++ b/app/code/core/Mage/Core/Block/Abstract.php
@@ -852,6 +852,7 @@ public function getChildGroup($groupName, $callback = null, $skipEmptyResults =
             $alias = $block->getBlockAlias();
             if (in_array($alias, $this->_childGroups[$groupName])) {
                 if ($callback) {
+                    Mage::helper('core/security')->validateAgainstBlockMethodBlacklist($this, $callback, [$alias]);
                     $row = $this->$callback($alias);
                     if (!$skipEmptyResults || $row) {
                         $result[$alias] = $row;
diff --git a/app/code/core/Mage/Core/Helper/Security.php b/app/code/core/Mage/Core/Helper/Security.php
index f3ff5edaf32..8160acfd76d 100644
--- a/app/code/core/Mage/Core/Helper/Security.php
+++ b/app/code/core/Mage/Core/Helper/Security.php
@@ -28,8 +28,6 @@ class Mage_Core_Helper_Security
 {
     private $invalidBlockActions
         = [
-            // explicitly not using class constant here Mage_Page_Block_Html_Topmenu_Renderer::class
-            // if the class does not exists it breaks.
             ['block' => Mage_Page_Block_Html_Topmenu_Renderer::class, 'method' => 'render'],
             ['block' => Mage_Core_Block_Template::class, 'method' => 'fetchView'],
         ];