diff --git a/TODO b/TODO
index 87f5fbf8..b2180762 100644
--- a/TODO
+++ b/TODO
@@ -40,6 +40,28 @@ Soon
 General
 =======
 
+NOTE: Some items in this list refer to files in my personal home
+directory or that are otherwise not publicly accessible. This includes
+things sent to me by email that are specifically not public. Even so,
+I find it useful to make reference to them in this list
+
+ * Audit every place where qpdf allocates memory to see whether there
+   are cases where malicious inputs could cause qpdf to attempt to
+   grab very large amounts of memory. Certainly there are cases like
+   this, such as if a very highly compressed, very large image stream
+   is requested in a buffer. Hopefully normal input to output
+   filtering doesn't ever try to do this. QPDFWriter should be checked
+   carefully too. See also bugs/private/from-email-663916/
+
+ * Implement remaining PNG filters. See https://github.com/qpdf/qpdf/pull/166
+
+ * Form flattening: ~/tmp/qtmp/form-flattening-email/. Distill this
+   into notes along with stuff in qpdf email box.
+
+ * Look at ~/Q/pdf-collection/forms-from-appian/
+
+ * Look at Travis-CI for qpdf. See email from Travis-CI in pending.
+
  * Consider adding "uninstall" target to makefile. It should only
    uninstall what it installed, which means that you must run
    uninstall from the version you ran install with. It would only be