diff --git a/doc/FAQ.md b/doc/FAQ.md
index d56b4138376aa2d7c6f9580bf44285f32b7487ce..f9988509128e1150e66f076a6cf4cde234807027 100644
--- a/doc/FAQ.md
+++ b/doc/FAQ.md
@@ -108,7 +108,7 @@ only to HTTP requests.
 You can use [Let's Encrypt](https://letsencrypt.org/) to get an SSL certificate
 for free.
 
-Again, Please follow [./guide.md](./guide.md) for our recommendations on setting up and using code-server.
+Again, please follow [./guide.md](./guide.md) for our recommendations on setting up and using code-server.
 
 ## How do I securely access web services?
 
diff --git a/doc/guide.md b/doc/guide.md
index 8cc05e0c9e5944f86cb4590b7931fdcb077c1274..ef1d6e0b7011efe682f9ebc7d02f5d01cea64a3e 100644
--- a/doc/guide.md
+++ b/doc/guide.md
@@ -94,11 +94,13 @@ systemctl --user enable --now code-server
 **Never**, **ever** expose `code-server` directly to the internet without some form of authentication
 and encryption as someone can completely takeover your machine with the terminal.
 
-There are several approaches to securely operating and exposing code-server.
-
 By default, code-server will enable password authentication which will
-require you to copy the password from the code-server config file to login. You
-can also set a custom password with `$PASSWORD`.
+require you to copy the password from the code-server config file to login. Since it
+cannot use TLS by default, it will listen on `localhost` to avoid exposing itself
+to the world. This is fine for testing but will not work if you want to access `code-server`
+from a different machine.
+
+There are several approaches to securely operating and exposing code-server.
 
 **tip**: You can list the full set of code-server options with `code-server --help`