diff --git a/docs/html/reference/pip_install.rst b/docs/html/reference/pip_install.rst index 6600693ca..7b0cebbac 100644 --- a/docs/html/reference/pip_install.rst +++ b/docs/html/reference/pip_install.rst @@ -402,9 +402,13 @@ Git ^^^ pip currently supports cloning over ``git``, ``git+http``, ``git+https``, -``git+ssh``, ``git+git`` and ``git+file``, but note that the ``git``, ``git+git``, -and ``git+http`` are not recommended due to their lack of security. -(The former two uses `the Git Protocol.`_) +``git+ssh``, ``git+git`` and ``git+file``. + +.. warning:: + + Note that the ``git``, ``git+git``,and ``git+http`` are not recommended. + (The former two use `the Git Protocol`_, which lacks authentication, and HTTP is + insecure due to lack of TLS based encryption) Here are the supported forms:: @@ -424,7 +428,7 @@ When passing a commit hash, specifying a full hash is preferable to a partial hash because a full hash allows pip to operate more efficiently (e.g. by making fewer network calls). -.. _`the Git Protocol.`: https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols +.. _`the Git Protocol`: https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols Mercurial ^^^^^^^^^ diff --git a/news/1983.doc b/news/1983.doc index 58b85ac1f..9766ebb57 100644 --- a/news/1983.doc +++ b/news/1983.doc @@ -1 +1,2 @@ -Remove VCS URLs pertaining to the Git protocol from docs +Emphasize that VCS URLs using git, git+git and git+http are insecure due to +lack of authentication and encryption
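Review bot: In the warning added in the first hunk of docs/html/reference/pip_install.rst, the line "Note that the ``git``, ``git+git``,and ``git+http`` are not recommended." is missing a space after the second comma and has no noun after the list. Suggest "The ``git``, ``git+git``, and ``git+http`` schemes are not recommended."; the leading "Note that" is redundant inside a ``.. warning::`` directive. The parenthetical that follows ends without a period, and "TLS based" should be hyphenated as "TLS-based".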
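Review bot: The new text in news/1983.doc says the ``git``, ``git+git`` and ``git+http`` URLs are insecure "due to lack of authentication and encryption", which is broader than the warning added in pip_install.rst. The warning attributes only missing authentication to the Git Protocol and only missing TLS-based encryption to HTTP, and it says "not recommended" rather than "insecure". Suggest aligning the two, either by narrowing the news entry to match the warning or by having the warning state both properties for each scheme, so the changelog does not claim more than the documentation does.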