diff --git a/x-pack/plugins/alerts/README.md b/x-pack/plugins/alerts/README.md
index 057d86e4c0f31..6d2ad7e37a6dc 100644
--- a/x-pack/plugins/alerts/README.md
+++ b/x-pack/plugins/alerts/README.md
@@ -14,7 +14,6 @@ Table of Contents
 	- [Terminology](#terminology)
 	- [Usage](#usage)
 	- [Alerts API keys](#alerts-api-keys)
-	- [Limitations](#limitations)
 	- [Plugin status](#plugin-status)
 	- [Alert types](#alert-types)
 		- [Methods](#methods)
@@ -67,20 +66,6 @@ For security plugin invalidation, we schedule a task to check if the`api_key_pen
 To change the schedule for the invalidation task, use the kibana.yml configuration option `xpack.alerts.invalidateApiKeysTask.interval`.
 To change the default delay for the API key invalidation, use the kibana.yml configuration option `xpack.alerts.invalidateApiKeysTask.removalDelay`.
 
-## Limitations
-
-When security is enabled, an SSL connection to Elasticsearch is required in order to use alerting.
-
-When security is enabled, users who create alerts will need the `manage_api_key` cluster privilege. There is currently work in progress to remove this requirement.
-
-Note that the `manage_own_api_key` cluster privilege is not enough - it can be used to create API keys, but not invalidate them, and the alerting plugin currently both creates and invalidates APIs keys as part of it's processing.  When using only the `manage_own_api_key` privilege, you will see the following message logged in the server when the alerting plugin attempts to invalidate an API key:
-
-```
-[error][alerting][plugins] Failed to invalidate API Key: [security_exception] \
-    action [cluster:admin/xpack/security/api_key/invalidate] \
-    is unauthorized for user [user-name-here]
-```
-
 ## Plugin status
 
 The plugin status of an alert is customized by including information about checking failures for the framework decryption: