diff --git a/core/modules/node/node.module b/core/modules/node/node.module
index 8dbc060..29f4638 100644
--- a/core/modules/node/node.module
+++ b/core/modules/node/node.module
@@ -2765,10 +2765,12 @@ function node_form_system_themes_admin_form_submit($form, &$form_state) {
  * default home page at path 'node', an RSS feed, a recent content block, etc.),
  * the process above is followed except that hook_node_access() is not called on
  * each node for performance reasons and for proper functioning of the pager
- * system. When adding a node listing to your module, be sure to use a dynamic
- * query created by db_select() and add a tag of "node_access". This will allow
- * modules dealing with node access to ensure only nodes to which the user has
- * access are retrieved, through the use of hook_query_TAG_alter().
+ * system. This query should have node access restrictions placed on it; all
+ * queries that retrieve a list of nodes (or node IDs) for display to users
+ * should have this tag. However, note that when the Node module alters queries
+ * with this tag, it does not check the published/unpublished status of nodes,
+ * so your base query is responsible for ensuring that unpublished nodes are not
+ * displayed to inappropriate users. 
  *
  * Note: Even a single module returning NODE_ACCESS_DENY from hook_node_access()
  * will block access to the node. Therefore, implementers should take care to