diff --git a/doc/hgrc.5.txt b/doc/hgrc.5.txt
--- a/doc/hgrc.5.txt
+++ b/doc/hgrc.5.txt
@@ -50,8 +50,9 @@ installed.
     particular repository.  This file is not version-controlled, and
     will not get transferred during a "clone" operation.  Options in
     this file override options in all other configuration files.
-    On Unix, this file is only read if it belongs to a trusted user
-    or to a trusted group.
+    On Unix, most of this file will be ignored if it doesn't belong
+    to a trusted user or to a trusted group.  See the documentation
+    for the trusted section below for more details.
 
 SYNTAX
 ------
@@ -367,11 +368,16 @@ server::
     data transfer overhead.  Default is False.
 
 trusted::
-  Mercurial will only read the .hg/hgrc file from a repository if
-  it belongs to a trusted user or to a trusted group.  This section
-  specifies what users and groups are trusted.  The current user is
-  always trusted.  To trust everybody, list a user or a group with
-  name "*".
+  For security reasons, Mercurial will not use the settings in
+  the .hg/hgrc file from a repository if it doesn't belong to a
+  trusted user or to a trusted group.  The main exception is the
+  web interface, which automatically uses some safe settings, since
+  it's common to serve repositories from different users.
+
+  This section specifies what users and groups are trusted.  The
+  current user is always trusted.  To trust everybody, list a user
+  or a group with name "*".
+
   users;;
     Comma-separated list of trusted users.
   groups;;