diff --git a/ugly_hacks/santiago/README.rst b/ugly_hacks/santiago/README.rst
index 064c75b9c..bbc32a0ad 100644
--- a/ugly_hacks/santiago/README.rst
+++ b/ugly_hacks/santiago/README.rst
@@ -550,6 +550,11 @@ Tasks
 - |TODO| allow multiple listeners and senders per protocol (with different
   proxies?)
 
+- |TODO| Continuously review use of getattr and setattr to avoid server-side
+  injection: ``egrep -nHr "(g|s)etattr" *``
+
+  It's acceptable.  For now.
+
 .. |TODO| unicode:: U+2610
 .. |DONE| unicode:: U+2611