add --insecure-registry warning to online docs

Signed-off-by: Sally O'Malley <somalley@redhat.com>
Upstream-commit: 5446aac0e539a465a37efbe80c1608f718fe03b6
Component: engine

components/engine/docs/reference/commandline/daemon.md

@@ -448,6 +448,12 @@ Local registries, whose IP address falls in the 127.0.0.0/8 range, are
 automatically marked as insecure as of Docker 1.3.2. It is not recommended to
 rely on this, as it may change in the future.
 
+Enabling `--insecure-registry`, i.e., allowing un-encrypted and/or untrusted
+communication, can be useful when running a local registry.  However, 
+because its use creates security vulnerabilities it should ONLY be enabled for
+testing purposes.  For increased security, users should add their CA to their 
+system's list of trusted CAs instead of enabling `--insecure-registry`.
+
 ## Running a Docker daemon behind a HTTPS_PROXY
 
 When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub