Index: tutorial/inputoutput.rst =================================================================== --- tutorial/inputoutput.rst (revision 82959) +++ tutorial/inputoutput.rst (working copy) @@ -408,10 +408,15 @@ don't want to write the pickled data to a file; consult the complete documentation for :mod:`pickle` in the Python Library Reference.) -:mod:`pickle` is the standard way to make Python objects which can be stored and -reused by other programs or by a future invocation of the same program; the -technical term for this is a :dfn:`persistent` object. Because :mod:`pickle` is -so widely used, many authors who write Python extensions take care to ensure -that new data types such as matrices can be properly pickled and unpickled. +:mod:`pickle` is the standard way to make Python objects which can be stored +and reused by other programs or by a future invocation of the same program; +the technical term for this is a :dfn:`persistent` object. Because +:mod:`pickle` is so widely used, many authors who write Python extensions take +care to ensure that new data types such as matrices can be properly pickled +and unpickled. However, the :mod:`pickle` module is *not* intended to be +secure against corrupted or maliciously constructed data, and should never be +used with data from an untrusted or unauthenticated source. + + Index: library/logging.rst =================================================================== --- library/logging.rst (revision 82959) +++ library/logging.rst (working copy) 
@@ -1590,6 +1590,14 @@ 69 myapp.area2 WARNING Jail zesty vixen who grabbed pay from quack. 69 myapp.area2 ERROR The five boxing wizards jump quickly. +.. warning:: + + The :mod:`pickle` module is not intended to be secure against erroneous or + maliciously constructed data. One should unpickle data without first + verifying that the data is from a trusted source. Thus, the above code + should not be used, except within a trusted private network. + + Using arbitrary objects as messages ----------------------------------- Index: library/shelve.rst =================================================================== --- library/shelve.rst (revision 82959) +++ library/shelve.rst (working copy) @@ -13,7 +13,12 @@ This includes most class instances, recursive data types, and objects containing lots of shared sub-objects. The keys are ordinary strings. +.. warning:: + The :mod:`shelve` module is not intended to be secure against erroneous or + maliciously constructed data. Never unshelve data received from an + untrusted or unauthenticated source. + .. function:: open(filename[, flag='c'[, protocol=None[, writeback=False]]]) Open a persistent dictionary. The filename specified is the base filename for Index: library/pickle.rst =================================================================== --- library/pickle.rst (revision 82959) +++ library/pickle.rst (working copy) @@ -22,6 +22,12 @@ "serialization", "marshalling," [#]_ or "flattening", however, to avoid confusion, the terms used here are "pickling" and "unpickling". +.. warning:: + + The :mod:`pickle` module is not intended to be secure against erroneous or + maliciously constructed data. Never unpickle data received from an untrusted + or unauthenticated source. + This documentation describes both the :mod:`pickle` module and the :mod:`cPickle` module. 
@@ -74,12 +80,6 @@ The :mod:`pickle` serialization format is guaranteed to be backwards compatible across Python releases. -.. warning:: - - The :mod:`pickle` module is not intended to be secure against erroneous or - maliciously constructed data. Never unpickle data received from an untrusted - or unauthenticated source. - Note that serialization is a more primitive notion than persistence; although :mod:`pickle` reads and writes file objects, it does not handle the issue of naming persistent objects, nor the (even more complicated) issue of concurrent
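Review bot: In the tutorial/inputoutput.rst hunk, the added sentence says "corrupted or maliciously constructed data" while every other hunk in this patch uses "erroneous or maliciously constructed data"; pick one wording so the tutorial and the library reference give the same warning. The two trailing "+" lines also append extra blank lines at the end of the hunk (right before the logging.rst file header), which looks like stray trailing whitespace rather than intended spacing; drop them.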
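Review bot: The library/logging.rst warning says the opposite of what is meant: "One should unpickle data without first verifying that the data is from a trusted source" is missing a "never" (or "not"). It should read "One should never unpickle data without first verifying that the data is from a trusted source." so that the following "Thus, the above code should not be used, except within a trusted private network." follows from it. The two extra "+" blank lines before "Using arbitrary objects as messages" are also one more than the surrounding sections use.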
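Review bot: The library/shelve.rst warning omits the blank line between ".. warning::" and its body, unlike the pickle.rst and logging.rst warnings in the same patch; add it for consistency with the other directives in this file. "Never unshelve data" is also not a term the module uses; "Never load a shelf received from an untrusted or unauthenticated source" would match the shelve vocabulary better.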
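Review bot: The two library/pickle.rst hunks together move the existing warning from after the "backwards compatible across Python releases" paragraph up to just after the terminology paragraph, so it now precedes the mention of :mod:`cPickle` as well; the removed and added text are identical, so this is a pure relocation and the line-count changes (+6 at line 22, -6 at line 74/80) balance. No objection, but the commit message should say the warning is being moved, not added, so readers of the history do not think pickle previously lacked it.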