diff --git a/App-Security.md b/App-Security.md
index a6d04be..2ce8bc0 100644
--- a/App-Security.md
+++ b/App-Security.md
@@ -59,6 +59,7 @@ Does not protect against: memory dumps
 #### Why not char[] instead of String?
 
 * Passphrase is already a CharSequence when retrieved from EditText, thus it is already in memory as something different than char[] (String extends CharSequence)
+* Complicates the implementation (pass byte[] in Parcelables instead of Strings?)
 * No convincing attack scenario (see argument below)
 
 > Some people believe that you have to overwrite the memory used to store the password once you no longer > need it. This reduces the time window an attacker has to read the password from your system and > completely ignores the fact that the attacker already needs enough access to hijack the JVM memory to do > this. An attacker with that much access can catch your key events making this completely useless (AFAIK, so please correct me if I am wrong).