Checking of loops: In some situations, it may be that some variables surely contain no nullpointers in the first iteration of a loop, but in the second (or third, ...) they could be null (by the logic executed in a previous iteration). Such special cases are recognized and NPE hazards reported accordingly. Nested loops are also handled, so there are really no "leaks" in detecting NPE hazards.
Private fields: Privat class fields can be handled as local variables to some extend. So after checking a private field against NULL, it can be savely accessed.
Overriding: when a method is overriden in a subclass, different FindNPE annotations can be declared to the method declaration, with the restriction, that they must be compatible with the FindNPE annotations on the overridden method. This follows exactly the rationale, why the return type of an overriding method is allowed to be a sub class of the return type of the overridden method (but not the other way round).
Incremental compilation: as FindNPE is integrated into Eclipse's Java compiler (JDT), it benefits from JDT's incremental compilation capability and automatically inherits the capability, that Java source files do not need to be saved in order that NPE hazards can be checked. So NPE hazards are reported "while you type" and often can be solved by proposed quick fixes.