"HashMap uses a cryptographically secure hashing function" - It doesn't #1468
Description
In Chapter 8.3 under "Hashing Functions", it is said that "By default, HashMap uses a cryptographically secure hashing function", which is not correct. While it does provide some DoS protection, a cryptographic hash function must have several properties (1st preimage resistance, 2nd preimage resistance, collision resistance).
HashMap internally uses SipHasher13. Its documentation states:
"Although the SipHash algorithm is considered to be generally strong, it is not intended for cryptographic purposes. As such, all cryptographic uses of this implementation are strongly discouraged."
Also the website of SipHash doesn't claim that it's cryptographically secure. It only claims:
"Target applications include network traffic authentication and defense against hash-flooding DoS attacks."
I think that the statement in the book might encourage newcomers to the language and/or cryptography to base cryptographic algorithms on the HashMap's default hasher, expecting it to actually be cryptographically secure, which could have huge impacts on security.
One possible solution would be to change the wording to "By default, HashMap uses a strong hashing function". Unfortunately, a Google search for "strong hash function" has "Cryptographic hash function" as the first entry, so maybe something along the lines of "By default, HashMap uses a strong, but non-cryptographic, hashing function …".
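An added example, not taken from the book or from this issue, showing two observable reasons the default hasher cannot stand in for a cryptographic digest: it is keyed with random per-instance secrets, and its output is only 64 bits wide. It uses only `std`; the function names `map_hash`, `agrees_across_instances` and `birthday_collision` are hypothetical, and the collision search runs on a truncated output so that it finishes quickly.

```rust
use std::collections::hash_map::RandomState;
use std::collections::HashMap;
use std::hash::{BuildHasher, Hash, Hasher};

/// Hash `data` exactly as a HashMap built from `state` would hash a key.
fn map_hash<T: Hash>(state: &RandomState, data: &T) -> u64 {
    let mut h = state.build_hasher();
    data.hash(&mut h);
    h.finish() // always 64 bits, whatever the input size
}

/// Property 1: the hasher is keyed with random per-instance secrets, so two
/// maps (or two runs of a program) disagree on the "digest" of the same input.
fn agrees_across_instances<T: Hash>(data: &T) -> bool {
    map_hash(&RandomState::new(), data) == map_hash(&RandomState::new(), data)
}

/// Property 2: collision cost is bounded by output width. Brute-force a
/// collision on the low `bits` bits (bits < 64); expected work is about
/// 2^(bits/2) hashes. Returns (input_a, input_b, hashes_computed).
fn birthday_collision(state: &RandomState, bits: u32) -> (u64, u64, u64) {
    let mask = (1u64 << bits) - 1;
    let mut seen: HashMap<u64, u64> = HashMap::new();
    for i in 0u64.. {
        let tag = map_hash(state, &i) & mask;
        if let Some(prev) = seen.insert(tag, i) {
            return (prev, i, i + 1);
        }
    }
    unreachable!("pigeonhole: a collision occurs within 2^bits + 1 inputs")
}

fn main() {
    let msg = "constructed sample message";
    println!("stable across instances: {}", agrees_across_instances(&msg));
    let state = RandomState::new();
    let (a, b, n) = birthday_collision(&state, 32);
    println!("32-bit collision: {} vs {} after {} hashes (~2^16 expected)", a, b, n);
    println!("full 64-bit output: ~2^32 hashes by the same argument");
}
```

The same birthday argument applied to the full 64-bit output gives roughly 2^32 hash evaluations, which is why a 64-bit function cannot offer collision resistance regardless of how strong its internals are.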