diff --git a/docs/latest/.sha b/docs/latest/.sha index ea44e135c..7af31a582 100644 --- a/docs/latest/.sha +++ b/docs/latest/.sha @@ -1 +1 @@ -600551766d0de3afe880c566dfce21ae03db6cd6 \ No newline at end of file +1472c5b090a58c9169ed11cdbd794dabd4fb7d64 \ No newline at end of file diff --git a/docs/latest/api/ipc-renderer.md b/docs/latest/api/ipc-renderer.md index 1a5b53486..983849f9c 100644 --- a/docs/latest/api/ipc-renderer.md +++ b/docs/latest/api/ipc-renderer.md @@ -39,6 +39,18 @@ The `ipcRenderer` module has the following method to listen for events and send Listens to `channel`, when a new message arrives `listener` would be called with `listener(event, args...)`. +:::warning + +Do not expose the `event` argument to the renderer for security reasons! Wrap any +callback that you receive from the renderer in another function like this: +`ipcRenderer.on('my-channel', (event, ...args) => callback(...args))`. +Not wrapping the callback in such a function would expose dangerous Electron APIs +to the renderer process. See the +[security guide](../tutorial/security.md#20-do-not-expose-electron-apis-to-untrusted-web-content) +for more info. + +::: + ### `ipcRenderer.off(channel, listener)` * `channel` string
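Review bot: The first sentence of the added warning under `ipcRenderer.on` says not to expose `event` "to the renderer", but `ipcRenderer` is by name the renderer-side module, so a reader cannot tell which boundary is meant. The linked section's anchor speaks of "untrusted web content"; the warning should use that term and say where the wrapping code is expected to live. The same ambiguity affects "any callback that you receive from the renderer". The warning also never names what on `event` is dangerous. Stating it would let readers audit existing listeners rather than only copy the `(event, ...args) => callback(...args)` pattern. Two smaller points: the link anchor `#20-do-not-expose-electron-apis-to-untrusted-web-content` embeds a section number and will break silently if the security guide is renumbered, and the warning is attached only to `on`, so if other listener-registering methods on this page pass the same `event` they should carry it or cross-reference it.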