diff --git a/config/settings/base.py b/config/settings/base.py
index 9fb7c97f5ca763a12500bb9841c64404dc90e5df..8bef77c62c4146feed83648b7c1a2a17871ce9cf 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -22,8 +22,9 @@ def get_from_env(envvar, default_value=None, fail_if_not_found=True):
     return value
 
 # Unauthenticated access ------------------------------------------------------
-# This variable controls whether unauthenticated access is allowed *ANYWHERE*
-# on this service, except the home page, which is always public.
+# This variable should eventually control whether unauthenticated access is
+# allowed *ANYWHERE* on this service, except the home page, which is always
+# public. For now, it just controls the API.
 UNAUTHENTICATED_ACCESS = True
 
 # Miscellaneous settings ------------------------------------------------------