diff --git a/README.md b/README.md index 7e8dbdb..f289582 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,9 @@ A GNU Social-compatible microblogging server : https://github.com/tootsuite/mast #### Why this image? This image is not the official one. The main difference you can notice is that all processes (web, streaming, sidekiq) are running in a single container, thanks to s6 (a supervision suite). Therefore it's easier to deploy, but not recommended for scaling. +#### Security +As many images from the time it was first made, this image follows the principle of degrading privileges. It runs first as root to ensure permissions are set correctly and then only makes use of the UID/GID of your choice. While I agree it's not perfect (due to Linux insecurity), it seemed the best security/comfort balance at the time and it'll remain so for a while. + #### Features - Based on Alpine Linux. - As lightweight as possible.
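Review bot: In the added Security paragraph, "due to Linux insecurity" is too vague for a reader to act on. State the residual risk concretely: the container starts as root and only afterwards switches to the chosen UID/GID, so anything that executes before that switch runs as root inside the container. The paragraph also mentions "the UID/GID of your choice" without saying how they are chosen or what is used when they are not set; name the settings here or point to the README section that documents them. Wording: "As many images" should read "Like many images", and "degrading privileges" is more commonly written "dropping privileges".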