From ecf42e6a5999c89666e37c37cc05941496db58ce Mon Sep 17 00:00:00 2001
From: Robert Pluim
Date: Thu, 4 Dec 2025 10:37:28 +0100
Subject: * doc/misc/auth.texi (Help for users): Warn about use of .authinfo

---
 doc/misc/auth.texi | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/misc/auth.texi b/doc/misc/auth.texi
index 1fd232a697e..11c3ec9393d 100644
--- a/doc/misc/auth.texi
+++ b/doc/misc/auth.texi
@@ -215,7 +215,8 @@ Here's a mixed example using two sources:
 
 If you don't customize @code{auth-sources}, you'll have to live with
 the defaults: the unencrypted netrc file @file{~/.authinfo} will be
-used for any host and any port.
+used for any host and any port (if it exists).  This is not recommended,
+as it exposes all your secrets in clear text.
 
 If that fails, any host and any port are looked up in the netrc file
 @file{~/.authinfo.gpg}, which is a GnuPG encrypted file (@pxref{GnuPG
-- 
cgit v1.2.1