diff --git a/README b/README index c403179a..7cfd1bd6 100644 --- a/README +++ b/README @@ -450,6 +450,16 @@ guidelines in mind: These forms of parameter substitutions can also be used on arrays, which makes them very powerful (if a little slow). +- Prefer "compgen -W '...' -- $cur" over embedding $cur in external + command arguments (often e.g. sed, grep etc) unless there's a good + reason to embed it. Embedding user input in command lines can + result in syntax errors and other undesired behavior, or messy + quoting requirements when the input contains unusual characters. + Good reasons for embedding include functionality (if the thing + does not sanely work otherwise) or performance (if it makes a big + difference in speed), but all embedding cases should be documented + with rationale in comments in the code. + - Do not write to the file-system under any circumstances. This can create race conditions, is inefficient, violates the principle of least surprise and lacks robustness.
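Review bot: In the added bullet, the recommended form "compgen -W '...' -- $cur" shows $cur unquoted, so anyone copying it verbatim gets word splitting and pathname expansion on the very input the guideline is trying to keep out of command lines. Suggest writing the example as compgen -W '...' -- "$cur". The phrase "unusual characters" could also name what is meant for the sed and grep cases the bullet mentions (regex metacharacters, the expression delimiter, a leading dash), which would give the rationale comments the bullet asks for something concrete to refer to.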