diff --git a/examples/rsa-keygen.c b/examples/rsa-keygen.c
index af33b2311e5a022b65d69184860e54fcde438b78..fc4176c3b272ad3ed97f39b3ddcfa382015da228 100644
--- a/examples/rsa-keygen.c
+++ b/examples/rsa-keygen.c
@@ -143,6 +143,8 @@ main(int argc, char **argv)
       return EXIT_FAILURE;
     }
 
+  /* NOTE: This doesn't set up paranoid access restrictions on the
+   * private key file, like a serious key generation tool would do. */
   if (!write_file(priv_name, priv_buffer.size, priv_buffer.contents))
     {
       werror("Failed to write private key: %s\n",
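Review bot: The added NOTE above the `write_file(priv_name, ...)` call documents that the private key is written with whatever permissions the process umask yields, but leaves the weakness in place, and example code of this kind tends to be copied verbatim into real tools. A one-line mitigation is cheap and keeps the example honest: call `umask(077);` (needs `<sys/stat.h>`) before the private-key write so the file is created without group/other read bits, or pass an explicit 0600 mode if write_file's opener, which is not visible here, can take one; the public key written afterwards would then also be 0600, which is harmless for an example but worth a word if that matters. If the author prefers to keep the example minimal, the comment should at least tell the reader what to do instead, e.g. `/* NOTE: A real tool would create the private key file with mode 0600 (e.g. open(..., O_CREAT | O_EXCL, 0600) or umask(077)), and not leave it world-readable. */`. The enclosing main() starts and ends outside this hunk.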