Index: Doc/library/shelve.rst =================================================================== --- Doc/library/shelve.rst (revision 84318) +++ Doc/library/shelve.rst (working copy) @@ -43,6 +43,10 @@ :meth:`close` explicitly when you don't need it any more, or use a :keyword:`with` statement with :func:`contextlib.closing`. +.. warning:: + Because the :mod:`shelve` module is backed by :mod:`pickle`, it is insecure + to load a shelf from an untrusted location. Like with pickle, an untrusted + shelf can, among other things, execute arbitrary code. Shelf objects support all methods supported by dictionaries. This eases the transition from dictionary based scripts to those requiring persistent storage.
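
Review bot: In the added `.. warning::` block, "untrusted location" understates the risk: what matters is who could have written the shelf file, not where it is stored, so "untrusted source" would be more accurate, and "Like with pickle" reads better as "As with pickle". The hunk header (-43,6 +43,10) shows that only the four directive and text lines are added, so please confirm that a blank line separates the warning from the preceding paragraph and from "Shelf objects support all methods ...", since reST needs one on both sides for the directive to render cleanly. A cross-reference to the corresponding warning in the :mod:`pickle` documentation would also let readers find the fuller explanation without repeating it here.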