Add some information about what it means for PL/Python to be untrusted.

Similar information already appears in the PL/Perl and PL/Tcl chapters.

Author: petere

doc/src/sgml/plpython.sgml

@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/plpython.sgml,v 1.48 2010/03/29 21:20:58 petere Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/plpython.sgml,v 1.49 2010/03/29 21:35:59 petere Exp $ -->
 
 <chapter id="plpython">
  <title>PL/Python - Python Procedural Language</title>
@@ -27,11 +27,16 @@
 
  <para>
   As of <productname>PostgreSQL</productname> 7.4, PL/Python is only
-  available as an <quote>untrusted</> language (meaning it does not
-  offer any way of restricting what users can do in it).  It has
+  available as an <quote>untrusted</> language, meaning it does not
+  offer any way of restricting what users can do in it.  It has
   therefore been renamed to <literal>plpythonu</>.  The trusted
   variant <literal>plpython</> might become available again in future,
-  if a new secure execution mechanism is developed in Python.
+  if a new secure execution mechanism is developed in Python.  The
+  writer of a function in untrusted PL/Python must take care that the
+  function cannot be used to do anything unwanted, since it will be
+  able to do anything that could be done by a user logged in as the
+  database administrator.  Only superusers can create functions in
+  untrusted languages such as <literal>plpythonu</literal>.
  </para>
 
  <note>