diff --git a/tex/text.tex b/tex/text.tex index 770c181..9c012df 100644 --- a/tex/text.tex +++ b/tex/text.tex @@ -1211,7 +1211,9 @@ are bound to the first password change. Of course, the evil administrator could just perform the change themselves; however, the user would at least be able to find those changes in the activity logs and know not to use the application. But given the scenario of a total database compromise, the author finds all -hope is already lost at that point. +hope is already lost at that point. At least when the database is dumped, it +only contains non-sensitive, functional information in plain test, everything +else should be encrypted. Consequently, both the application operators and the in-application administrators should never be able to learn the details of what the user is
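Review bot: the added sentence has a typo, "plain test" for "plain text", and joins two independent clauses with a comma ("in plain test, everything else should be encrypted"). It also follows "hope is already lost at that point" and partly contradicts it, and "should be encrypted" reads as a requirement rather than a statement of what a dump actually contains. Suggest something like "Even then, a database dump only contains non-sensitive, functional information in plain text; everything else is encrypted", if that is what the design guarantees, and qualify the preceding sentence so the two agree.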