diff --git a/checkin_notes b/checkin_notes
index 43f8750699..3908fbdd06 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -8918,5 +8918,4 @@ Rom    9 Dec 2011
       process for the vm crashes.
       
     samples/vboxwrapper/
-        vbox.cpp, .h
-        vboxwrapper.cpp
+        vbox.cpp
diff --git a/samples/vboxwrapper/vbox.cpp b/samples/vboxwrapper/vbox.cpp
index d525efb304..6973789593 100644
--- a/samples/vboxwrapper/vbox.cpp
+++ b/samples/vboxwrapper/vbox.cpp
@@ -727,6 +727,13 @@ int VBOX_VM::resume() {
 //   shared directory or the VM image itself is NOT signed.  Doing so
 //   opens up the network behind the firewall to attack.
 //
+//   Imagine a doomsday scenario where a project has been compromised and
+//   an unsigned executable/VM image has been tampered with.  Volunteer
+//   downloads compromised code and executes it on a company machine.
+//   Now the compromised VM starts attacking other machines on the company
+//   network.  The company firewall cannot help because the originating
+//   machine is already behind the company firewall.
+//
 int VBOX_VM::set_network_access(bool enabled) {
     string command;
     string output;