diff --git a/SECURITY.md b/SECURITY.md
index 5bd974a2..cb54b529 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,6 +1,9 @@
 # Securing rqlite
 rqlite can be secured in various way, and at different levels of control.
 
+## File system security
+You are responsible for securing access to the SQLite databases. There is no reason for any user to directly access the file, for rqlite to work correctly.
+
 ## Network security
 Each rqlite node listens on 2 TCP ports -- one for the HTTP API, and the other for intra-cluster communications. Only the API port need be reachable from outside the cluster.