diff --git a/README.md b/README.md index 8521839411..0dc17b90e4 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Important Security Note We do not recommend running Vector from the same domain name as your Matrix homeserver. The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Vector to load and render malicious user generated -content from a Matrix API which then had trusted access to Vector due +content from a Matrix API which then had trusted access to Vector (or other apps) due to sharing the same domain. We have put some coarse mitigations into place to try to protect against this situation,
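Review bot: In the changed line of the README.md hunk, "(or other apps)" does not say which apps are meant. From the rest of the sentence it reads as other apps served from the same domain as the homeserver, so state that directly, for example "trusted access to Vector (or other apps hosted on that domain) due to sharing the same domain". The added words also push this line past the wrap width of the neighbouring lines, so the paragraph should be re-wrapped. Since the risk is now described as reaching beyond Vector, consider whether the opening recommendation ("We do not recommend running Vector from the same domain name as your Matrix homeserver") should also cover other web apps sharing the homeserver's domain.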