diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 087d1c85a8b..6d836fc91bb 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -68,6 +68,17 @@ Each profile defines a set of permissions for a specific application or group
 of applications. The software includes security profiles for a number of more common
 Linux programs, such as Mozilla Firefox, Chromium, VLC, Transmission etc.
 .PP
+Firejail is currently implemented as an SUID binary, which means that if a
+malicious or compromised user account manages to exploit a bug in Firejail,
+that could ultimately lead to a privilege escalation to root.
+To mitigate this, by default only the root user is allowed to run Firejail.
+To allow more users, see firejail-users(5).
+For more details on the security/usability tradeoffs of Firejail, see the
+following discussion:
+.UR https://github.com/netblue30/firejail/discussions/4601
+#4601
+.UE
+.PP
 Alternative sandbox technologies like snap (https://snapcraft.io/) and flatpak (https://flatpak.org/)
 are not supported. Snap and flatpak packages have their own native management tools and will
 not work when sandboxed with Firejail.