diff --git a/src/docbkx/springsecurity.xml b/src/docbkx/springsecurity.xml
index e7dd4f9998..a22a7c2887 100644
--- a/src/docbkx/springsecurity.xml
+++ b/src/docbkx/springsecurity.xml
@@ -49,7 +49,8 @@
hopefully be configured to minimize the permissions granted to different
Java types, and then your application will add its own problem
domain-specific security configuration. Spring Security makes this latter
- area - application security - much easier.
+ area - application security - much easier.
+
Of course, you will need to properly address all security layers
mentioned above, together with managerial factors that encompass every
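Review bot: The removed and added lines at "area - application security - much easier." read identically, so the only visible change in this hunk is whitespace or markup plus one new blank line. If that is intentional, say so in the commit message; otherwise consider dropping it or moving the formatting churn into a separate commit so the content addition in the last hunk is easier to review. The same pattern appears at "interesting, challenging and rewarding." and "your feedback and suggestions."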
@@ -65,7 +66,8 @@
banking application has different needs from an ecommerce application. An
ecommerce application has different needs from a corporate sales force
automation tool. These custom requirements make application security
- interesting, challenging and rewarding.
+ interesting, challenging and rewarding.
+
Please read , in
its entirety to begin with. This will introduce you to the framework and the namespace-based
@@ -73,10 +75,19 @@
of an in-depth understaning of how Spring Security works, and some of the classes you might
need to use, you should then read .
The remaining parts of this guide are structured in a more traditional reference style,
- designed to be read on an as-required basis.
+ designed to be read on an as-required basis. We'd also recommend that you read up as much as
+ possible on application security issues in general. Spring Security is not a panacea which will
+ solve all security issues. It is important that the application is designed with security in
+ mind from the start. Attempting to retrofit it is not a good idea.
+ In particular, if you are building a web application, you should be aware of the many potential
+ vulnerabilities such as cross-site scripting, request-forgery and session-hijacking which you should
+ be taking into account from the start. The OWASP web site (http://www.owasp.org/) maintains a
+ top ten list of web application vulnerabilities as well as a lot of useful reference information.
+
We hope that you find this reference guide useful, and we welcome
- your feedback and suggestions.
+ your feedback and suggestions.
+
Finally, welcome to the Spring Security community.
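Review bot: In the added text "vulnerabilities such as cross-site scripting, request-forgery and session-hijacking", the hyphenated forms are non-standard and it is unclear whether "cross-site" is meant to apply to request forgery as well; suggest "cross-site scripting, cross-site request forgery and session hijacking". The same sentence reads "you should be aware of ... which you should be taking into account from the start", which repeats "should" and reuses the "from the start" from two sentences earlier, so it can be trimmed to "you should be aware of the many potential vulnerabilities, such as ...". "Attempting to retrofit it is not a good idea" would carry more weight with a one-clause reason. Since this paragraph is being edited anyway, the typo "understaning" in the context line at the top of the hunk could be fixed in the same change.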