diff --git a/NewMutableEncodingDesign.md b/NewMutableEncodingDesign.md
index 1216d26..b3d97dc 100644
--- a/NewMutableEncodingDesign.md
+++ b/NewMutableEncodingDesign.md
@@ -188,6 +188,11 @@ doesn't even change the way the existing caps are used:
 
 ## Shorter readcaps
 
+(oh, oops, ignore this part. HMACs using the readcap as key are vulnerable to
+manipulation by a collusion between Rose-the-readcap-holder and the storage
+servers, and could be used to cause another readcap-holder to see the wrong
+data. Nevermind.)
+
 To make the readcap shorter, we must give up something, like complete
 server-side validation and complete offline attenuation.