2 files changed, 16 insertions, 2 deletions

diff --git a/docs/user/generated_config.adoc b/docs/user/generated_config.adoc
index c2521289c..871c65add 100644
--- a/docs/user/generated_config.adoc
+++ b/docs/user/generated_config.adoc
@@ -206,10 +206,10 @@ Use markdown syntax for links in hover.
 --
 Whether to show inlay type hints for method chains.
 --
-[[rust-analyzer.inlayHints.maxLength]]rust-analyzer.inlayHints.maxLength (default: `null`)::
+[[rust-analyzer.inlayHints.maxLength]]rust-analyzer.inlayHints.maxLength (default: `25`)::
 +
 --
-Maximum length for inlay hints. Default is unlimited.
+Maximum length for inlay hints. Set to null to have an unlimited length.
 --
 [[rust-analyzer.inlayHints.parameterHints]]rust-analyzer.inlayHints.parameterHints (default: `true`)::
 +
diff --git a/docs/user/manual.adoc b/docs/user/manual.adoc
index dba2197de..8656dd1da 100644
--- a/docs/user/manual.adoc
+++ b/docs/user/manual.adoc
@@ -516,6 +516,20 @@ See https://github.com/rust-analyzer/rust-project.json-example for a small examp
 
 You can set `RA_LOG` environmental variable to `rust_analyzer=info` to inspect how rust-analyzer handles config and project loading.
 
+== Security
+
+At the moment, rust-analyzer assumes that all code is trusted.
+Here is a **non-exhaustive** list of ways to make rust-analyzer execute arbitrary code:
+
+* proc macros and build scripts are executed by default
+* `.cargo/config` can override `rustc` with an arbitrary executable
+* VS Code plugin reads configuration from project directory, and that can be used to override paths to various executables, like `rustfmt` or `rust-analyzer` itself.
+* rust-analyzer's syntax trees library uses a lot of `unsafe` and hasn't been properly audited for memory safety.
+
+rust-analyzer itself doesn't access the network.
+The VS Code plugin doesn't access the network unless the nightly channel is selected in the settings.
+In that case, the plugin uses the GitHub API to check for and download updates.
+
 == Features
 
 include::./generated_features.adoc[]