diff --git a/README.txt b/README.txt
index 01ed614..d2b6550 100644
--- a/README.txt
+++ b/README.txt
@@ -25,6 +25,26 @@ None.
 * Grant the "Masquerade as another user" permission to the desired roles.
 
 
+-- SECURITY --
+
+* Masquerade's built-in access control mechanism has been designed to be simple,
+  smart, and secure by default:
+
+  - Users without the masquerade permission are not allowed to masquerade.
+  - Uid 1 may masquerade as anyone.  No one can masquerade as uid 1.
+  - If you have the identical permissions as the target user (or additional
+    permissions), you are allowed to masquerade.
+  - Otherwise, access to masquerade as the target user is denied.
+
+  This means that Masquerade's built-in access control does not allow any kind
+  of privilege escalation.  It is safe to grant the masquerade permission to
+  user roles.  Users are never able to exceed their privileges by masquerading
+  as someone else.
+
+* More fine-grained access control (e.g., role-per-role, per-user, blacklist)
+  may be supplied by separate add-on modules for Masquerade.
+
+
 -- FEATURES AND INTEGRATION --
 
 * The Masquerade module provides and aims for a deep integration with the
diff --git a/masquerade.module b/masquerade.module
index b103dea..1600b7a 100644
--- a/masquerade.module
+++ b/masquerade.module
@@ -23,7 +23,7 @@ account. It records the original user account, so users can easily switch back.'
       $output .= '<h3>' . t('Uses') . '</h3>';
       $output .= '<dl>';
       $output .= '<dt>' . t('Granting masquerade access') . '</dt>';
-      $output .= '<dd>' . t('All users with the !permission are able to switch to any other registered user account. <strong>Caution:</strong> This includes user accounts that may have more administrative privileges than the masquerading user.', array(
+      $output .= '<dd>' . t('Users with the !permission permission are able to masquerade as someone else. Users may only masquerade if they have the same or more permissions as the user they want to switch to. Users are never able to escalate their privileges by masquerading as someone else.', array(
         '!permission' => l(t('Masquerade as another user'), 'admin/people/permissions', array('fragment' => 'module-masquerade')),
       )) . '</dd>';
       $output .= '<dt>' . t('Masquerading as another user') . '</dt>';