diff --git a/birdhouse/default.env b/birdhouse/default.env
index aa6c40fb8..bec5cec1c 100644
--- a/birdhouse/default.env
+++ b/birdhouse/default.env
@@ -6,6 +6,13 @@
 # must use single quotes to avoid early expansion before overrides in env.local
 # are applied and must be added to the list of DELAYED_EVAL.
 
+# Any default value that should be marked for security concern or recommended modificiation should
+# use the '${__DEFAULT__{var}}' naming format. These can then be referenced in 'env.local.example' to
+# avoid literal value duplication, and ensure they remain in sync. Also, those '${__DEFAULT__{var}}'
+# definitions should *NOT* be exported to avoid unnecessary polution of the environment variables.
+# Variables with format '${__DEFAULT__{var}}' will be flagged accordingly to their required/optional status
+# (see also: 'check_default_vars' in 'birdhouse/read-configs.include.sh').
+
 export BASH_IMAGE="bash:5.1.4"
 
 # Root directory under which all data persistence should be nested under
@@ -92,7 +99,6 @@ export SERVER_LICENSE_URL='${__DEFAULT__SERVER_LICENSE_URL}'
 # Defaults for required variables recommended for override for security reasons.
 # Those will not be set explicitly as defaults to ensure they are overridden explicitly by the instance.
 # These values would be detected only if the instance was configured using a copy of 'env.local.example'.
-# Any default value should use the corresponding '${__DEFAULT__{var}}' reference in 'env.local.example'.
 __DEFAULT__MAGPIE_SECRET="itzaseekrit"
 __DEFAULT__MAGPIE_ADMIN_USERNAME="admin"
 __DEFAULT__MAGPIE_ADMIN_PASSWORD="qwertyqwerty!"
diff --git a/birdhouse/env.local.example b/birdhouse/env.local.example
index 0cebdd563..1487ba44c 100644
--- a/birdhouse/env.local.example
+++ b/birdhouse/env.local.example
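Review bot: In the first `default.env` hunk, the new comment block names the reference syntax `'${__DEFAULT__{var}}'` as the "naming format" and then says those same `'${__DEFAULT__{var}}'` "definitions" must not be exported, which blurs the unexported definition (`__DEFAULT__{var}`) with the single-quoted reference to it. I would name the definition as `__DEFAULT__{var}`, keep `'${__DEFAULT__{var}}'` for the reference used in `env.local.example`, and fix the typos `modificiation` and `polution`. The block also says these variables "will be flagged" without stating the consequence. Because the second hunk's context lines show committed placeholder values for the Magpie secret and admin credentials, the comment should say whether `check_default_vars` stops the deployment or only prints a warning when a required variable still equals its `__DEFAULT__` value; that function is outside this diff, so I cannot tell which. The existing remark that detection works only for instances configured from a copy of `env.local.example` suggests an exact match against these literals, so a line such as `# NOTE: only the exact unmodified default is detected; a changed but weak value is not flagged.` would stop operators reading it as a strength check, if that matches the implementation.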
@@ -5,8 +5,11 @@
 # Do NOT use environment variables in here since when pavics-compose.sh runs
 # inside a container, the environment vars do not have the same value.
 #
-# Any default value change here should be synchronized with the corresponding
-# value in 'default.env' for the corresponding '__DEFAULT__{var}' definition.
+# Any default value that can pose a security concern or that are strongly
+# recommended to be modified should use '__DEFAULT__{var}' definition, and
+# have those default definitions defined in 'default.env'. This will ensure
+# that these example values are flagged by the script if left unmodified
+# (see also: 'check_default_vars' in 'birdhouse/read-configs.include.sh').
 #############################################################################
 # Override data persistence root directory