Added a security section to the foreword and a footnote to the g

variable

docs/_themes/flasky/static/flasky.css_t

@@ -243,12 +243,18 @@ table.docutils td, table.docutils th {
     padding: 0.25em 0.7em;
 }
 
-table.field-list {
+table.field-list, table.footnote {
     border: none;
     -webkit-box-shadow: none;
     -moz-box-shadow: none;
 }
 
+table.footnote {
+    border: 1px solid #eee;
+    -webkit-box-shadow: 1px 1px 1px #d8d8d8;
+    -moz-box-shadow: 1px 1px 1px #d8d8d8;
+}
+
 table.field-list th {
     padding: 0 0.8em 0 0;
 }
@@ -257,6 +263,10 @@ table.field-list td {
     padding: 0;
 }
 
+table.footnote td {
+    padding: 0.5em;
+}
+ 
 pre {
     background: #FDFDFD;
     padding: 10px;

docs/foreword.rst

@@ -45,6 +45,34 @@ framework.  Flask itself is just one way to implement a framework on top
 of existing libraries.  Unlike many other microframeworks Flask does not
 try to implement anything on its own, it reuses existing code.
 
+Web Development is Dangerous
+----------------------------
+
+I'm not even joking.  Well, maybe a little.  If you write a web
+application you are probably allowing users to register and leave their
+data on your server.  The users are entrusting you with data.  And even if
+you are the only user that might leave data in your application, you still
+want that data to be stored in a secure manner.
+
+Unfortunately there are many ways security of a web application can be
+compromised.  Flask protects you against one of the most common security
+problems of modern web applications: cross site scripting (XSS).  Unless
+you deliberately mark insecure HTML as secure Flask (and the underlying
+Jinja2 template engine) have you covered.  But there are many more ways to
+cause security problems.
+
+Whenever something is dangerous where you have to watch out, the
+documentation will tell you so.  Some of the security concerns of web
+development are far more complex than one might think and often we all end
+up in situations where we think "well, this is just far fetched, how could
+that possibly be exploited" and then an intelligent guy comes along and
+figures a way out to exploit that application.  And don't think, your
+application is not important enough for hackers to take notice.  Depending
+ont he kind of attack, chances are there are automated botnets out there
+trying to figure out how to fill your database with viagra adverisments.
+
+So always keep that in mind when doing web development.
+
 Target Audience
 ---------------
 

docs/patterns.rst

@@ -16,6 +16,8 @@ In Flask you can implement such things with the
 special :class:`~flask.g` object.
 
 
+.. _database-pattern:
+
 Using SQLite 3 with Flask
 -------------------------
 

docs/quickstart.rst

@@ -313,8 +313,8 @@ Here an example template:
     {% endif %}
 
 Inside templates you also have access to the :class:`~flask.request`,
-:class:`~flask.session` and :class:`~flask.g` objects as well as the
-:func:`~flask.get_flashed_messages` function.
+:class:`~flask.session` and :class:`~flask.g` [#]_ objects
+as well as the :func:`~flask.get_flashed_messages` function.
 
 Templates are especially useful if inheritance is used.  If you want to
 know how that works, head over to the :ref:`template-inheritance` pattern
@@ -338,6 +338,11 @@ Markup(u'<blink>hacker</blink>')
 >>> Markup('<em>Marked up</em> &raquo; HTML').striptags()
 u'Marked up \xbb HTML'
 
+.. [#] Unsure what that :class:`~flask.g` object is? It's something you
+   can store information on yourself, check the documentation of that
+   object (:class:`~flask.g`) and the :ref:`database-pattern` for more
+   information.
+
 
 Accessing Request Data
 ----------------------