diff --git a/doc/security-warnings.md b/doc/security-warnings.md index c5c340854..a4a4060a3 100644 --- a/doc/security-warnings.md +++ b/doc/security-warnings.md @@ -14,6 +14,25 @@ make proving keys generated on 64-bit systems unusable on 32-bit and big-endian systems. It's unclear if a warning will be issued in this case, or if the proving system will be silently compromised. +Wallet Encryption +----------------- + +Wallet encryption is disabled, for several reasons: + +- Encrypted wallets are unable to correctly detect shielded spends (due to the + nature of unlinkability of JoinSplits) and will incorrectly show much larger + available shielded balances until the next time the wallet is unlocked. + +- While encrypted wallets prevent spending of funds, they do not maintain the + shielding properties of JoinSplits (due to the need to detect spends). That + is, someone with access to an encrypted wallet.dat has full visibility of + your entire transaction graph (other than newly-detected spends, which suffer + from the earlier issue). + +You should use full-disk encryption (or encryption of your home directory) to +protect your wallet at rest, and should assume (even unprivileged) users who are +runnng on your OS can read your wallet.dat file. + Side-Channel Attacks --------------------
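Review bot: The closing paragraph of the new "Wallet Encryption" section has a typo ("runnng") and an unclear phrase, "users who are runnng on your OS"; users do not run on an OS, so suggest "and should assume that any user with an account on your OS, even an unprivileged one, can read your wallet.dat file". The same paragraph recommends full-disk or home-directory encryption without saying that this protects the file only at rest: once the volume is unlocked and mounted, it does nothing against the local users the next clause warns about, and the two halves of the sentence would read better if that link were stated. The section also says wallet encryption "is disabled" but does not tell the reader what happens when they try to enable it, or what to do with a wallet.dat that is already encrypted; one sentence covering each would close that gap. In the second bullet, "the earlier issue" would be clearer as a direct reference to the first bullet's incorrect balance display.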