diff --git a/7project/backend/app/core/security.py b/7project/backend/app/core/security.py
index 157f653..2093cbb 100644
--- a/7project/backend/app/core/security.py
+++ b/7project/backend/app/core/security.py
@@ -3,7 +3,14 @@ import re
 import jwt
 from fastapi import Request
-# Simple in-memory revocation store. In production, consider Redis or database.
+# Simple in-memory revocation store for revoked JWT tokens.
+#
+# Limitations:
+# - All revoked tokens will be lost if the process restarts (data loss on restart).
+# - Not suitable for multi-instance deployments: the revocation list is not shared between instances.
+# A token revoked in one instance will not be recognized as revoked in others.
+#
+# For production, use a persistent and shared store (e.g., Redis or a database).
 _REVOKED_TOKENS: set[str] = set()
 # Bearer token regex
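Review bot: The new limitations comment above `_REVOKED_TOKENS` omits the one operational property that matters most for an in-memory set: nothing in this hunk ever removes entries, so the set grows with every revocation until the process restarts, and a caller that revokes on every logout turns it into a slow memory leak. I would add a third bullet, `# - Entries are never evicted (not even after the token's own exp passes), so the set grows until restart.`, hedged if eviction happens elsewhere in the file. It is also worth stating in the comment what is stored — the raw bearer token string or its jti/hash — since the `set[str]` annotation does not say; if it is the raw token, a memory dump of the process exposes still-valid credentials, and a note recommending a jti or a hash of the token would be appropriate. The restart-loss bullet could additionally say that after a restart previously revoked tokens are accepted again until they expire, which is the fail-open consequence a reader needs rather than just "data loss".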