--- README.old 2009-01-03 14:48:05.596241654 +0100 +++ README 2009-01-03 14:54:08.312484984 +0100 @@ -93,8 +93,13 @@ That will allow your users and their sys use custom versions of the xdg-utils to adjust for system spsecific differences. If you wish to absolutely force the issue and only use the versions you shipped, you could instead hard code the path to the version you bundle with your application. We strongly recommend against this, as it will make your product obsolete more quickly than is necessary. + +SECURITY: +--------- + +Using xdg-open in /etc/mailcap or $HOME/.mailcap may cause a security hole, as firefox, and other Mozilla-based software, use those files to detect default applications, just based on the content-type, sent by the HTTP-server. This would allow an attacker to trick a user into opening dangerous files by sending them with a non-dangerous content-type. (Bug 19377)
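Review bot: The new SECURITY paragraph states the risk but gives the reader no instruction. After "(Bug 19377)", add a sentence saying what packagers and users should do, for example that xdg-open should not be listed as a handler in /etc/mailcap or $HOME/.mailcap. The reference "(Bug 19377)" does not name the tracker, so a reader of the shipped README cannot resolve it; give the tracker name or a full URL. The paragraph is also a single long sentence chain that would read better split in two: first that Mozilla-based software picks the handler from mailcap using only the content-type sent by the HTTP server, then what an attacker gains from that. Minor: "firefox" should be capitalized, and the unchanged context line above still reads "spsecific".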