diff --git a/rootdir/init.rc b/rootdir/init.rc
index 2e8f7d29c..438ac8307 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -1,3 +1,9 @@
+# Copyright (C) 2012 The Android Open Source Project
+#
+# IMPORTANT: Do not create world writable files or directories.
+# This is a common source of Android security bugs.
+#
+
 import /init.${ro.hardware}.rc
 
 on early-init
@@ -163,6 +169,9 @@ on post-fs-data
     mkdir /data/misc/wifi 0770 wifi wifi
     chmod 0660 /data/misc/wifi/wpa_supplicant.conf
     mkdir /data/local 0751 root root
+
+    # For security reasons, /data/local/tmp should always be empty.
+    # Do not place files or directories in /data/local/tmp
     mkdir /data/local/tmp 0771 shell shell
     mkdir /data/data 0771 system system
     mkdir /data/app-private 0771 system system