diff --git a/docs/faq.rst b/docs/faq.rst
index cb9c3a2a2..71cdc0140 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -266,6 +266,7 @@ See :ref:`encrypted_repos` for more details.
 .. _password_env:
 .. note:: Be careful how you set the environment; using the ``env``
           command, a ``system()`` call or using inline shell scripts
+          (e.g. ``BORG_PASSPHRASE=hunter12 borg ...``)
           might expose the credentials in the process list directly
           and they will be readable to all users on a system. Using
           ``export`` in a shell script file should be safe, however, as
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
index ffc42e350..43d62fc9a 100644
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@@ -169,8 +169,8 @@ may be surprised that the following ``export`` has no effect on your command::
    export BORG_PASSPHRASE='complicated & long'
    sudo ./yourborgwrapper.sh  # still prompts for password
 
-For more information, see sudo(8) man page. Hint: see ``env_keep`` in
-sudoers(5), or try ``sudo BORG_PASSPHRASE='yourphrase' borg`` syntax.
+For more information, refer to the sudo(8) man page and ``env_keep`` in
+the sudoers(5) man page.
 
 .. Tip::
     To debug what your borg process is actually seeing, find its PID