diff --git a/README.md b/README.md
index 83acb7d..1a2e955 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@ In order to use Browserpass you must also install a [companion native messaging
     -   [Modal HTTP authentication](#modal-http-authentication)
     -   [Password store locations](password-store-locations)
 -   [Options](#options)
+-   -   [A note about autosubmit](#a-note-about-autosubmit)
 -   [Usage data](#usage-data)
 -   [Security](#security)
 -   [Privacy](#privacy)
@@ -232,6 +233,12 @@ Browserpass allows configuring certain settings in different places places using
     - Custom store locations - badge background color (aka `bgColor`)
     - Custom store locations - badge text color (aka `color`)
 
+### A note about autosubmit
+
+While we provide autosubmit as an option for users, we do not recommend it. This is because, while Browserpass' fill logic is robust and usually reliable, it occasionally gets things wrong and fills something (typically the username) into a field or form where it doesn't belong. If autosubmit is enabled, then this can result in Browserpass _automatically submitting_ sensitive credentials into something that isn't a login form.
+
+As the demand for autosubmit is extremely high, we have decided to provide it anyway - however it is disabled by default, and we recommend that users do not enable it.
+
 ## Usage data
 
 Browserpass keeps metadata of recently used credentials in local storage and Indexed DB of the background page. This is first and foremost internal data to make Browserpass function properly, used for example to implement the [Password matching and sorting](#password-matching-and-sorting) algorithm, but nevertheless you might find it useful to explore using your browser's devtools. For example, if you are considering to rotate all passwords that you used in the past month (e.g. if you just found out that you had a malicious app installed for several weeks), you can retrieve such list from Indexed DB quite easily (open an issue if you need help).
diff --git a/src/options/interface.js b/src/options/interface.js
index 9a70233..5f2c9f2 100644
--- a/src/options/interface.js
+++ b/src/options/interface.js
@@ -48,7 +48,7 @@ function attach(element) {
 function view(ctl, params) {
     var nodes = [];
     nodes.push(m("h3", "Basic settings"));
-    nodes.push(createCheckbox.call(this, "autoSubmit", "Automatically submit forms after filling"));
+    nodes.push(createCheckbox.call(this, "autoSubmit", "Automatically submit forms after filling (not recommended)"));
     nodes.push(createInput.call(this, "username", "Default username", "john.smith"));
     nodes.push(createInput.call(this, "gpgPath", "Custom gpg binary", "/path/to/gpg"));