diff --git a/docker-compose.yaml b/docker-compose.yaml
index ee79598..4ed71c0 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -18,15 +18,18 @@ services:
     environment:
       MESHCORE_DATABASE_PATH: data/meshcore.db
       # Radio connection -- optional if you map just a single serial device above, as the app will autodetect
-
       # Serial (USB)
       # MESHCORE_SERIAL_PORT: /dev/ttyUSB0
       # MESHCORE_SERIAL_BAUDRATE: 115200
-
       # TCP
       # MESHCORE_TCP_HOST: 192.168.1.100
       # MESHCORE_TCP_PORT: 4000
 
+      # Security
+      # MESHCORE_DISABLE_BOTS: "true"
+      # MESHCORE_BASIC_AUTH_USERNAME: changeme
+      # MESHCORE_BASIC_AUTH_PASSWORD: changeme
+
       # Logging
       # MESHCORE_LOG_LEVEL: INFO
     restart: unless-stopped
diff --git a/frontend/src/components/SecurityWarningModal.tsx b/frontend/src/components/SecurityWarningModal.tsx
index 0d6f43e..d04fde2 100644
--- a/frontend/src/components/SecurityWarningModal.tsx
+++ b/frontend/src/components/SecurityWarningModal.tsx
@@ -83,7 +83,7 @@ export function SecurityWarningModal({ health }: SecurityWarningModalProps) {
           </DialogDescription>
         </DialogHeader>
 
-        <div className="space-y-3 text-sm leading-6 text-muted-foreground">
+        <div className="space-y-3 break-words text-sm leading-6 text-muted-foreground">
           <p>
             Without one of those protections, or another access-control layer in front of
             RemoteTerm, anyone on your local network who can reach this app can run Python code on
@@ -95,16 +95,17 @@ export function SecurityWarningModal({ health }: SecurityWarningModalProps) {
             arbitrary code execution.
           </p>
           <p>
-            To reduce that risk, either disable bots with{' '}
-            <code className="rounded bg-muted px-1 py-0.5 text-foreground">
+            To reduce that risk, run the server with environment variables to either disable bots
+            with{' '}
+            <code className="break-all rounded bg-muted px-1 py-0.5 text-foreground">
               MESHCORE_DISABLE_BOTS=true
             </code>{' '}
             or enable the built-in login with{' '}
-            <code className="rounded bg-muted px-1 py-0.5 text-foreground">
+            <code className="break-all rounded bg-muted px-1 py-0.5 text-foreground">
               MESHCORE_BASIC_AUTH_USERNAME
             </code>{' '}
-            and{' '}
-            <code className="rounded bg-muted px-1 py-0.5 text-foreground">
+            /{' '}
+            <code className="break-all rounded bg-muted px-1 py-0.5 text-foreground">
               MESHCORE_BASIC_AUTH_PASSWORD
             </code>
             . Another external auth or access-control system is also acceptable.