diff --git a/Docs/manual.texi b/Docs/manual.texi
index 740573a7c79..e9468d9d5bc 100644
--- a/Docs/manual.texi
+++ b/Docs/manual.texi
@@ -10769,7 +10769,12 @@ consult with a security expert.
 
 When you connect to a @strong{MySQL} server, you normally should use a
 password.  The password is not transmitted in clear text over the
-connection.
+connection, however the encryption algorithm is not very strong, and
+with some effort a clever attacker can crack the password if he is able
+to sniff the traffic between the client and the server. If the 
+connection between the client and the server goes through an untrusted
+network, you should use an @strong(SSH} tunnel to encrypt the 
+communication.
 
 All other information is transferred as text that can be read by anyone
 who is able to watch the connection.  If you are concerned about this,