diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..bf0c668 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +I am not responsible. Use it at own risk. + +## Vulnerability Definition + +Please be aware that this script is intended to be run by administrators, +who already generally already have privileged access to the machines on +which the script is running. Therefore, an example vulnerability that +uses an unusual set of characters in a password (see #20) to make the +script not run or to return bizarre results is not considered a meaningful +vulnerability, since the administrator presumably wouldn't use such a +password in the first place. + +Conversely, however, an example vulnerability that allowed someone with +`Create_priv` to create a schema with a special name that triggers arbitrary +code execution in the context of the user running this script when the script +is invoked is clearly a vulnerability, and will be addressed with the utmost +urgency. \ No newline at end of file
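Review bot: the new SECURITY.md defines what counts as a vulnerability but gives no way to report one. After the "Vulnerability Definition" section, add a short reporting section that names a contact and a private channel, so that a finding of the `Create_priv` schema-name kind is not first disclosed in a public issue. The password carve-out that references #20 rests on "the administrator presumably wouldn't use such a password"; say explicitly that it applies only when the password is supplied by the administrator running the script, so the boundary with the second paragraph (input controlled by a less-privileged user) is unambiguous. Wording: "who already generally already have" repeats "already", and "Use it at own risk" should read "Use it at your own risk". The file also ends without a trailing newline.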