diff --git a/proposals/4140-delayed-events-futures.md b/proposals/4140-delayed-events-futures.md
index 1e8bcc1f6..ad8b58f99 100644
--- a/proposals/4140-delayed-events-futures.md
+++ b/proposals/4140-delayed-events-futures.md
@@ -91,6 +91,7 @@ to define `future_timeout` and `future_group_id` in their query parameters.
   - Every future group needs at least one timeout future to guarantee that all future expire eventually.
   - If a timeout future is sent without a `future_group_id` a unique identifier will be generated by the
     homeserver and is part of the `send_future` response.
+  - Group id's can only be used by one user. Reasons for this are, that this would basically allow full control over a future group once another matrix user knows the group id. It would also require to federate futures if the users are not on the same homeserver.
 
 Both of the query parameters are optional but one of them has to be present.
 This gives us the following options:
@@ -111,6 +112,7 @@ Possible error responses are all error responses that can occur when using the `
   The server will respond with a [`400`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400) (`Bad Request`, with a message
   containing the maximum allowed `timeout_duration`) if the
   client tries to send a timeout future with a larger `timeout_duration`.
+- The future is using a group_id that belongs to a future group from another user. In this case the homeserver sends a [`405`] (`Not Allowed`).
 
 The body is the same as sending a normal event.