2 files changed, 8 insertions, 5 deletions

diff --git a/INSTALL b/INSTALL
index 63a25b5..885e59e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -6,10 +6,13 @@ sql/
 
 www/
 	Holds the web site.  This directory should be copied somewhere and
-	configured to be served up, password protected.  How this is
-	accomplished will differ from web server to web server.  It is
-	recommended to run the site over HTTPS to prevent the password being
-	easily sniffed.  The web server must be able to execute PHP.
+	configured to be served up, which MUST be password protected.  This
+	password protection is the only thing stopping a third party accessing
+	your data.  While they would need to know the passphrase to see your
+	passwords, anyone accessing the site can delete and edit entries.
+	How this is accomplished will differ from web server to web server.
+	It is recommended to run the site over HTTPS to prevent the password
+	being easily sniffed.  The web server must be able to execute PHP.
 
 	config.php should be edited and the instructions followed for each
 	config item.
diff --git a/sql/create_db.sh b/sql/create_db.sh
index b54e338..69639db 100755
--- a/sql/create_db.sh
+++ b/sql/create_db.sh
@@ -25,7 +25,7 @@ if [ "$x" ] ; then
 fi
 
 pword="PassMan123!"
-echo "Password of database user [$pword]:"
+echo "Password of database user (hint: change this!) [$pword]:"
 read x
 
 if [ "$x" ] ; then