diff --git a/README.md b/README.md
index 4f91836..d4d2b25 100644
--- a/README.md
+++ b/README.md
@@ -1578,6 +1578,8 @@ func main() {
 ### Bytecode Compiler
+QuickJS bytecode should only be loaded from trusted input produced by this library or another trusted writer. It is not a safe interchange format for untrusted data, and loading hostile bytecode may lead to memory corruption in the underlying engine.
+
 ```go
 package main
diff --git a/README_zh-cn.md b/README_zh-cn.md
index 8e672dc..296c332 100644
--- a/README_zh-cn.md
+++ b/README_zh-cn.md
@@ -1573,6 +1573,8 @@ func main() {
 ### 字节码编译器
+QuickJS 字节码只应从本库生成的可信输入,或其他可信写入方生成的输入中加载。它不是面向不可信数据的安全交换格式;加载恶意字节码可能导致底层引擎发生内存破坏。
+
 ```go
 package main
diff --git a/context.go b/context.go
index bb13adb..27058ef 100644
--- a/context.go
+++ b/context.go
@@ -986,7 +986,10 @@ func (ctx *Context) CompileModule(filePath string, moduleName string, opts ...Ev
 return ctx.CompileFile(filePath, opts...)
 }
-// LoadModuleByteCode returns a js value with given bytecode and module name.
+// LoadModuleBytecode returns a js value from the given bytecode.
+// Only load bytecode produced by a trusted source. QuickJS bytecode is not a
+// safe interchange format for untrusted data, and loading hostile bytecode
+// may lead to memory corruption in the underlying engine.
 func (ctx *Context) LoadModuleBytecode(buf []byte, opts ...EvalOption) *Value {
 if !ctx.hasValidRef() {
 return nil
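Review bot: The new warning on LoadModuleBytecode tells callers to use a "trusted source" but gives them nothing concrete to check, and the same wording is repeated on EvalBytecode in the next hunk. Because the API accepts a raw `buf []byte`, the comment should say what to do when those bytes were stored or transported outside the process, for example `// If buf was read from disk, a cache or the network, verify its integrity (signature or MAC) before calling.` The comment also does not say whether the returned Value must be released with Free(), which the EvalBytecode comment does state. The function body continues past the hunk, so confirm the ownership rule there and align the two comments.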
@@ -1029,8 +1032,11 @@ func (ctx *Context) BootstrapBJSON() bool {
 return C.js_init_module_bjson(ctx.ref, moduleName) != nil
 }
-// EvalBytecode returns a js value with given bytecode.
-// Need call Free() `quickjs.Value`'s returned by `Eval()` and `EvalFile()` and `EvalBytecode()`.
+// EvalBytecode returns a js value from the given bytecode.
+// Only load bytecode produced by a trusted source. QuickJS bytecode is not a
+// safe interchange format for untrusted data, and loading hostile bytecode
+// may lead to memory corruption in the underlying engine.
+// The caller must call Free() on the Value returned by EvalBytecode().
 func (ctx *Context) EvalBytecode(buf []byte) *Value {
 if !ctx.hasValidRef() {
 return nil
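Review bot: The rewritten comment says the caller must call Free() on the returned Value, but the first visible statement returns nil when `ctx.hasValidRef()` is false, so the documented contract is incomplete. I would word the last line as `// It returns nil if the context reference is not valid; otherwise the caller must call Free() on the returned Value.` LoadModuleBytecode in the previous hunk has the same nil path and needs the same sentence. The removed line also covered Eval() and EvalFile(); their own doc comments are not visible here, so check that the Free() requirement is still stated on them. The function body continues outside the hunk.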