The @code{Bcc} header is meant to hide recipients of messages.
However, when encrypted messages are used, the e-mail addresses of all
@code{Bcc}-headers are given away to all recipients without
-warning, which is a bug, see
+warning, which is a bug.
+@vindex mml-secure-safe-bcc-list
+But now Message got to warn if Bcc recipients are found in an encrypted
+message when you are just about to send it. If you are sure those
+@code{Bcc} addresses are safe to expose, set the
+@code{mml-secure-safe-bcc-list} variable, that is a list of e-mail
+addresses. See
@uref{https://debbugs.gnu.org/cgi/bugreport.cgi?bug=18718}.