diff --git a/railties/environments/environment.rb b/railties/environments/environment.rb
index 73ebf20d3f..c34a07e024 100644
--- a/railties/environments/environment.rb
+++ b/railties/environments/environment.rb
@@ -33,7 +33,8 @@ Rails::Initializer.run do |config|
 :secret => '<%= app_secret %>'
 }
- # Use the database for sessions instead of the file system
+ # Use the database for sessions instead of the cookie-based default,
+ # which shouldn't be used to store highly confidential information
 # (create the session table with 'rake db:sessions:create')
 # config.action_controller.session_store = :active_record_store
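Review bot: The added comment above `config.action_controller.session_store` tells the reader not to keep highly confidential information in the cookie-based default, but it does not say why, so a developer cannot judge what counts as too sensitive. The store itself is not visible in this hunk; assuming it signs the session with the `:secret` shown above and does not encrypt it, the comment could say so, e.g. `# which keeps session data in the browser: signed with :secret, but readable by the user`. It is also worth noting next to `:secret` that the integrity of every session depends on that value staying private and unguessable. The `Rails::Initializer.run` block starts and ends outside the hunk.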