diff --git a/README.md b/README.md index a78e960..2a5733a 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ express-brute A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a fibonacci-like sequence. +Note, it may be vulnerable to slow brute-force attaks. It uses not atomic increments to count number of requests, so there may be race conditions on concurrent requests. + Installation ------------ via npm:
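Review bot: The added note in the README intro has a typo ("attaks") and reads awkwardly ("It uses not atomic increments"), and it stops short of telling the reader what the race costs them. Suggest something like "Note: request counts are incremented non-atomically, so concurrent requests can race and some may go uncounted, which can leave the middleware vulnerable to slow brute-force attacks." "May be vulnerable" and "may be race conditions" hedge twice. If the non-atomic increment is known, state it as fact and keep the hedge only on the consequence. Since this is a security limitation, it would also be easier to find under its own heading than as a line between the description and "Installation". If a fix or workaround is planned, a pointer to the tracking issue would help users decide whether to rely on the middleware.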