diff --git a/doc/ChangeLog b/doc/ChangeLog index af21cea9..8b861f99 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -3,7 +3,9 @@ * wget.texi: Corrections, clarifications, and English fixes to time-stamping documentation. Also moved -nr from "Recursive Retrieval Options" to "FTP Options" and gave it a @cindex entry. - Alphabetized FTP options by long option name. + Alphabetized FTP options by long option name. Mentioned that + .listing symlinked to /etc/passwd is not a security hole, but that + other files could be, so root shouldn't run wget in user dirs. 2001-02-22 Dan Harkless diff --git a/doc/wget.texi b/doc/wget.texi index ddd0544e..a1fa76db 100644 --- a/doc/wget.texi +++ b/doc/wget.texi 
@@ -919,9 +919,26 @@ discouraged, unless you really know what you are doing. @itemx --dont-remove-listing Don't remove the temporary @file{.listing} files generated by @sc{ftp} retrievals. Normally, these files contain the raw directory listings -received from @sc{ftp} servers. Not removing them can be useful to -access the full remote file list when running a mirror, or for debugging -purposes. +received from @sc{ftp} servers. Not removing them can be useful for +debugging purposes, or when you want to be able to easily check on the +contents of remote server directories (e.g. to verify that a mirror +you're running is complete). + +Note that even though Wget writes to a known filename for this file, +this is not a security hole in the scenario of a user making +@file{.listing} a symbolic link to @file{/etc/passwd} or something and +asking @code{root} to run Wget in his or her directory. Depending on +the options used, either Wget will refuse to write to @file{.listing}, +making the globbing/recursion/time-stamping operation fail, or the +symbolic link will be deleted and replaced with the actual +@file{.listing} file, or the listing will be written to a +@file{.listing.@var{number}} file. + +Even though this situation isn't a problem, though, @code{root} should +never run Wget in a non-trusted user's directory. A user could do +something as simple as linking @file{index.html} to @file{/etc/passwd} +and asking @code{root} to run Wget with @samp{-N} or @samp{-r} so the file +will be overwritten. @cindex globbing, toggle @item -g on/off
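Review bot: in the doc/wget.texi hunk, the sentence beginning "Depending on the options used" lists three outcomes (Wget refuses to write to .listing, the symlink is deleted and replaced, or the listing goes to a .listing.@var{number} file) without saying which options lead to which one, so a reader cannot tell which behaviour applies to their invocation. Name the option for each case. The closing paragraph would also be clearer if it said which file is overwritten: "so the file will be overwritten" should state that the target of the link, /etc/passwd, is what gets overwritten through index.html. Two wording points in the same paragraphs: "Even though this situation isn't a problem, though," doubles the concession, so drop the second "though", and "@file{/etc/passwd} or something" reads better as "or another sensitive file".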
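Review bot: in the doc/ChangeLog hunk, the added lines record the new symlink note but not the other change this patch makes to the --dont-remove-listing text, where "access the full remote file list when running a mirror" becomes checking that a mirror "you're running is complete". Add a short clause for that rewording so the entry covers everything the wget.texi hunk changes. The phrase "other files could be" would also be easier to follow if it named the index.html example the manual text gives.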