diff --git a/SECURITY.md b/SECURITY.md index 58c3ec1..637fe3d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,8 @@ This project makes heavy use of `eval` and similar concepts. -Queries are not meant to come from untrusted sources. +Queries are not meant to come from untrusted sources. My advice is to never run +this as an online service. ## Supported Versions @@ -10,7 +11,9 @@ Only the latest release is supported. I will not backport fixes. ## Reporting a Vulnerability -Contact me at tiposchi@tiscali.it +For vulnerabilities that do not require a compromised user account: + +contact me at tiposchi@tiscali.it My PGP key is on this file, on git. debian/upstream/signing-key.asc
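Review bot: In the first hunk (`@@ -2,7 +2,8 @@`), the added advice "never run this as an online service" names only one deployment and leaves the underlying rule implicit. The file already says the project makes heavy use of `eval` and that queries are not meant to come from untrusted sources, so the sentence would be more useful if it said directly that a query must be treated as code and that any path by which someone else's query reaches the tool is unsupported, with an online service as the example. As written, a reader could conclude that offline use with queries received from a third party is fine.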
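Review bot: In the second hunk (`@@ -10,7 +11,9 @@`), the new scoping line "For vulnerabilities that do not require a compromised user account:" does not say what happens to reports that do require one. State explicitly whether those are out of scope or should be reported some other way, and define what "compromised user account" means for this project, since the term is not used anywhere else in the visible text. A smaller point on the same lines: the sentence now ends in a colon, followed by a separate paragraph starting with lowercase "contact me at ...", which renders as two disconnected fragments in Markdown; keeping it as one sentence on one paragraph would read better.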