diff --git a/gio/gapplication.c b/gio/gapplication.c
index 1d602c763..3708e812c 100644
--- a/gio/gapplication.c
+++ b/gio/gapplication.c
@@ -673,6 +673,8 @@ add_packed_option (GApplication *application,
  * inspected and modified. If %G_APPLICATION_HANDLES_COMMAND_LINE is
  * set, then the resulting dictionary is sent to the primary instance,
  * where g_application_command_line_get_options_dict() will return it.
+ * As it has been passed outside the process at this point, the types of all
+ * values in the options dict must be checked before being used.
  * This "packing" is done according to the type of the argument --
  * booleans for normal flags, strings for strings, bytestrings for
  * filenames, etc. The packing only occurs if the flag is given (ie: we
diff --git a/gio/gapplicationcommandline.c b/gio/gapplicationcommandline.c
index 9fe52da5d..fbe634a47 100644
--- a/gio/gapplicationcommandline.c
+++ b/gio/gapplicationcommandline.c
@@ -507,6 +507,9 @@ g_application_command_line_get_arguments (GApplicationCommandLine *cmdline,
  * If no options were sent then an empty dictionary is returned so that
  * you don't need to check for %NULL.
  *
+ * The data has been passed via an untrusted external process, so the types of
+ * all values must be checked before being used.
+ *
  * Returns: (transfer none): a #GVariantDict with the options
  *
  * Since: 2.40
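Review bot: In the gio/gapplication.c hunk, "at this point" leaves it unclear which process has to do the checking. The sentence sits in the text about the dictionary being packed and sent, while the copy that needs checking is the one the primary instance reads through g_application_command_line_get_options_dict(). It also splits the packing description, so the following `This "packing" is done ...` no longer sits next to the text it refers to, which appears to start above the hunk. I would name the receiver and move the sentence after the packing paragraph, for example `* The primary instance receives this dictionary from another process, so it must check the type of every value it reads before using it.` The doc comment begins and ends outside the hunk.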
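Review bot: In the gio/gapplicationcommandline.c hunk, the new paragraph tells callers to check types but not how, and it says nothing about the values themselves, which come from the same sending process. A short pointer would make the warning actionable, for example `* g_variant_dict_lookup_value() with an expected type returns %NULL on a type mismatch; string and filename contents should also be validated before use.` The rest of the doc comment and the function it documents lie outside the hunk.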