diff --git a/src/ng/http.js b/src/ng/http.js
index 8fb3ae306467..8e5aa3c8d103 100644
--- a/src/ng/http.js
+++ b/src/ng/http.js
@@ -749,8 +749,9 @@ function $HttpProvider() {
 *
 * ### Cross Site Request Forgery (XSRF) Protection
 *
- * [XSRF](http://en.wikipedia.org/wiki/Cross-site_request_forgery) is a technique by which
- * an unauthorized site can gain your user's private data. Angular provides a mechanism
+ * [XSRF](http://en.wikipedia.org/wiki/Cross-site_request_forgery) is an attack technique by which
+ * a malicious site can issue requests to your server as if they were coming from JavaScript
+ * running on your domain. Angular provides a mechanism
 * to counter XSRF. When performing XHR requests, the $http service reads a token from a cookie
 * (by default, `XSRF-TOKEN`) and sets it as an HTTP header (`X-XSRF-TOKEN`). Since only
 * JavaScript that runs on your domain could read the cookie, your server can be assured that
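Review bot: The reworded description in the added lines still leaves out why a forged request is dangerous: the browser attaches the user's cookies automatically, so the server sees an authenticated request. The phrase "as if they were coming from JavaScript running on your domain" can be read as the attacker's script executing on your origin, which describes XSS rather than XSRF. I would word it as `a malicious site can cause your user's browser to send requests to your server that carry the user's cookies, so they look like legitimate requests from your application`. The doc comment continues past the end of the hunk, so whether the later text tells the server to compare the `X-XSRF-TOKEN` header against the cookie cannot be confirmed from here.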