diff --git a/README.md b/README.md
index 7d3a07bc..bc1b717c 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,9 @@ Mustache.java [![Build Status](https://travis-ci.org/spullara/mustache.java.svg?
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fspullara%2Fmustache.java.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fspullara%2Fmustache.java?ref=badge_shield)
 =============
 
+Mustache.java is not designed to allow untrusted parties to provide templates. It may be possible to lock it down to provide that safely,
+but by default it is UNSAFE.
+
 As of release 0.9.0 mustache.java is now Java 8 only. For Java 6/7 support use 0.8.x.
 
 There are no external dependencies and the compiler library is ~100k.