diff --git a/README.md b/README.md
index db9d707..de687d0 100644
--- a/README.md
+++ b/README.md
@@ -101,16 +101,16 @@ Scope:
 
 - In ssh, knowing how to port tunnel with `-L` or `-D` (and occasionally `-R`) is useful, e.g. to access web sites from a remote server.
 
-- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, not require confirmation connecting to new hosts, forward authentication, and use compression (which is helpful with scp over low-bandwidth connections):
+- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, and use compression (which is helpful with scp over low-bandwidth connections):
 ```
       TCPKeepAlive=yes
       ServerAliveInterval=15
       ServerAliveCountMax=6
-      StrictHostKeyChecking=no
       Compression=yes
-      ForwardAgent=yes
 ```
 
+- A few other options relevant to ssh are security sensitive and should be enabled with care, e.g. per subnet or host or in trusted networks: `StrictHostKeyChecking=no`, `ForwardAgent=yes`
+
 - To get the permissions on a file in octal form, which is useful for system configuration but not available in `ls` and easy to bungle, use something like
 ```
       stat -c '%A %a %n' /etc/timezone