diff --git a/xep-0048.xml b/xep-0048.xml
index 824bb9c2..be7213eb 100644
--- a/xep-0048.xml
+++ b/xep-0048.xml
@@ -33,8 +33,8 @@
&pgmillard;
&stpeter;
For security reasons, actively discouraged use of the password element; specified use of publish-subscribe private information nodes as the preferred storage mechanism; cleaned up the text and examples.
Note: The datatypes are as defined in &w3xmlschema2;.
@@ -272,7 +272,7 @@Security considerations related to object persistent via publish-subscribe are described in XEP-0060 and XEP-0223.
-As noted, use of the <password/> child of the <conference/> element is deprecated and discouraged, since the password could be discovered by a third party, e.g. an eavedropper (if channel encryption is not used) or a server administrator.
+Use of the <password/> child of the <conference/> element is NOT RECOMMENDED, since the password could be discovered by a third party, e.g. an eavesdropper (if channel encryption is not used) or a server administrator. However, the element MAY be used in suitably secure environments (e.g., where it is known that communications will not be sent over unencrypted channels and the server administrators are trusted). Clients SHOULD NOT default to storing passwords and MUST enable users to disable any password storage.