From c1c1db7b51a7699bff41384d07d08f15a6487633 Mon Sep 17 00:00:00 2001
From: Camden Dixie O'Brien <cdo@wip.sh>
Date: Mon, 2 Mar 2026 21:50:39 +0000
Subject: [PATCH] Add note about server.scm probably being insecure

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 0f9de05..029acf2 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,11 @@ and use the system from there.
 cross-origin isolation headers required for `SharedMemoryBuffer` use.
 You could use any HTTP server that sets these headers.
 
+You should **definitely not** use the development server to serve the
+application on the open internet; I just hacked it together for
+testing on localhost during development and it's probably hilariously
+insecure.
+
 ## Peripherals
 
 ### Terminal