diff --git a/core/includes/file.inc b/core/includes/file.inc
index 02bd107..0dcd6ee 100644
--- a/core/includes/file.inc
+++ b/core/includes/file.inc
@@ -1172,7 +1172,10 @@ function file_unmanaged_save_data($data, $destination = NULL, $replace = FILE_EX
  *
  * Directories and files beginning with a dot are excluded; this prevents
  * hidden files and directories (such as SVN working directories) from being
- * scanned.
+ * scanned. This will not exclude config_ directories by default, so secure
+ * usage of this API can be assured by either limiting the initial base
+ * directory to a specific folder, limiting the recursion or adding
+ * "^config_" to the nomask option.
  *
  * @param $dir
  *   The base directory or URI to scan, without trailing slash.