diff --git a/sample/systemd/borgmatic.service b/sample/systemd/borgmatic.service
index 5356400a..89807b48 100644
--- a/sample/systemd/borgmatic.service
+++ b/sample/systemd/borgmatic.service
@@ -11,6 +11,8 @@ Type=oneshot
 # For more details about this settings check the systemd manuals
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 LockPersonality=true
+# Certain borgmatic features like Healthchecks integration need MemoryDenyWriteExecute to be off.
+# But you can try setting it to "yes" for improved security if you don't use those features.
 MemoryDenyWriteExecute=no
 NoNewPrivileges=yes
 PrivateDevices=yes