Add a warning about using same user for cli and web server

book/installation.rst

@@ -228,6 +228,12 @@ If there are any issues, correct them now before moving on.
     configuration (e.g. commonly httpd.conf or apache2.conf for Apache) and setting
     its user to be the same as your CLI user (e.g. for Apache, update the ``User``
     and ``Group`` values).
+
+    .. caution::
+
+        If used in a production environment, be sure this user only has limited privileges
+        (no access to private data or servers, launch of unsafe binaries, etc.)
+        as a compromised server would give to the hacker those privileges.
 
     **2. Using ACL on a system that supports chmod +a (MacOS X)**