diff --git a/doc/src/sgml/ref/create_publication.sgml b/doc/src/sgml/ref/create_publication.sgml
index 1a828e8d2ff..259fe20a148 100644
--- a/doc/src/sgml/ref/create_publication.sgml
+++ b/doc/src/sgml/ref/create_publication.sgml
@@ -112,6 +112,17 @@ CREATE PUBLICATION <replaceable class="parameter">name</replaceable>
       Specifying a table that is part of a schema specified by
       <literal>FOR ALL TABLES IN SCHEMA</literal> is not supported.
      </para>
+
+     <para>
+      Note that there are currently no privileges on publication, and that any
+      subscriber can access any publication. Thus if you're trying to hide
+      some information from particular subscribers (by using the
+      <literal>WHERE</literal> clause or the column list, or by not adding the
+      whole table to the publication), please be aware that other publications
+      can expose the same information. Publication privileges might be added
+      to <productname>PostgreSQL</productname> in the future to allow for
+      fine-grained access control.
+     </para>
     </listitem>
    </varlistentry>