Add warning about usage of untrusted sources

Fixes #2
zopefoundation · Dec 1, 2017 · a83fe6f · a83fe6f
1 parent c5562b8
commit a83fe6f
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/README.rst b/README.rst
@@ -24,6 +24,15 @@ This package presents a uniform pickling interface for ZODB:
   C extension) from both Python 3.2 and Python 3.3.  The fork add support
   for the ``noload`` operations used by ZODB.
 
+Caution
+-------
+
+``zodbpickle`` relies on Python's ``pickle`` module.
+The ``pickle`` module is not intended to be secure against erroneous or
+maliciously constructed data. Never unpickle data received from an
+untrusted or unauthenticated source as arbitrary code might be executed.
+
+Also see https://docs.python.org/3.6/library/pickle.html
 
 General Usage
 -------------