diff --git a/src/doc/reference.md b/src/doc/reference.md
index 11bf895341b90..7f410b7fd934e 100644
--- a/src/doc/reference.md
+++ b/src/doc/reference.md
@@ -1152,7 +1152,7 @@ exposing an API making it possible for it to occur in safe code.
 
 * Data races
 * Dereferencing a null/dangling raw pointer
-* Mutating an immutable value/reference
+* Mutating an immutable value/reference without `UnsafeCell`
 * Reads of [undef](http://llvm.org/docs/LangRef.html#undefined-values)
   (uninitialized) memory
 * Breaking the [pointer aliasing
@@ -1165,11 +1165,14 @@ exposing an API making it possible for it to occur in safe code.
   * Using `std::ptr::copy_nonoverlapping_memory` (`memcpy32`/`memcpy64`
     instrinsics) on overlapping buffers
 * Invalid values in primitive types, even in private fields/locals:
-  * Dangling/null pointers in non-raw pointers, or slices
+  * Dangling/null references or boxes
   * A value other than `false` (0) or `true` (1) in a `bool`
   * A discriminant in an `enum` not included in the type definition
   * A value in a `char` which is a surrogate or above `char::MAX`
   * non-UTF-8 byte sequences in a `str`
+* Unwinding into Rust from foreign code or unwinding from Rust into foreign
+  code. Rust's failure system is not compatible with exception handling in
+  other languages. Unwinding must be caught and handled at FFI boundaries.
 
 ##### Behaviour not considered unsafe