diff --git a/set_up_twitter.md b/set_up_twitter.md
index 59ac233..a9b0cc4 100644
--- a/set_up_twitter.md
+++ b/set_up_twitter.md
@@ -23,4 +23,9 @@ consumer_key = "I'M A CONSUMER KEY"
 consumer_secret = "I'M A CONSUMER SECRET"
 access_token = "I'M AN ACCESS TOKEN"
 access_token_secret = "I'M AN ACCESS TOKEN SECRET"
-```
\ No newline at end of file
+```
+
+* The default on some systems is for new files to be publicly readable, so you should change the permissions on the secrets file so no one can hijack your Twitter account.  To remove the world-read permission, on the bash console, make sure you're in the hello-world-bot directory and run 
+```sh
+chmod o-r secrets.py 
+```