diff --git a/doc/todo/annex_url_redirects.mdwn b/doc/todo/annex_url_redirects.mdwn
index 13da557ad9..9749f8ceb5 100644
--- a/doc/todo/annex_url_redirects.mdwn
+++ b/doc/todo/annex_url_redirects.mdwn
@@ -4,3 +4,16 @@ short url
 How about supporting an url like "annex::https://example.com/foo",
 where the http url redirects to the full annex url. Then any url
 shortener can be used. --[[Joey]]
+
+> This might be a security problem. An arbitrary annex:: url can access an
+> arbitrary resource. Eg, it might be a directory special remote, using any
+> directory on the user's computer, and they won't know if it's hidden
+> behind a http redirect.
+> 
+> Perhaps that could be dealt with by displaying information about the
+> special remote and prompting if it's ok to use. But users generally
+> say "yes" without thinking.
+> 
+> Perhaps it could be limited to safe special remotes. httpalso is surely
+> safe in this context. Would anything else be? Any external special
+> remotes? --[[Joey]]