From a9d95f8d834733e2ef9f5ad3d3e7b042ff277b84 Mon Sep 17 00:00:00 2001
From: Yury Semikhatsky <yurys@chromium.org>
Date: Wed, 4 Mar 2026 18:38:40 -0800
Subject: [PATCH] docs: not a security boundary section (#1435)

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index dab15af..43743b4 100644
--- a/README.md
+++ b/README.md
@@ -727,6 +727,10 @@ And then in MCP client config, set the `url` to the HTTP endpoint:
 }
 ```
 
+## Security
+
+Playwright MCP is **not** a security boundary. See [MCP Security Best Practices](https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices) for guidance on securing your deployment.
+
 <details>
 <summary><b>Docker</b></summary>