diff --git a/py-polars/polars/expr/expr.py b/py-polars/polars/expr/expr.py
index f34e3eb1f2ff..f2a91238d5cd 100644
--- a/py-polars/polars/expr/expr.py
+++ b/py-polars/polars/expr/expr.py
@@ -344,6 +344,13 @@ def deserialize(cls, source: str | Path | IOBase) -> Self:
         objects that have a `read()` method, such as a file handler (e.g. via
         builtin `open` function) or `BytesIO`).
 
+        Warnings
+        --------
+        This function uses :mod:`pickle` under some circumstances, and as
+        such inherits the security implications. Deserializing can execute
+        arbitrary code so it should only be attempted on trusted data.
+        Currently, pickle will be used when serializing UDF.
+
         See Also
         --------
         Expr.meta.serialize
diff --git a/py-polars/polars/lazyframe/frame.py b/py-polars/polars/lazyframe/frame.py
index 05d5124bf11e..196d8e879bbf 100644
--- a/py-polars/polars/lazyframe/frame.py
+++ b/py-polars/polars/lazyframe/frame.py
@@ -617,6 +617,14 @@ def deserialize(cls, source: str | Path | IOBase) -> Self:
         objects that have a `read()` method, such as a file handler (e.g. via
         builtin `open` function) or `BytesIO`).
 
+        Warnings
+        --------
+        This function uses :mod:`pickle` under some circumstances, and as
+        such inherits the security implications. Deserializing can execute
+        arbitrary code so it should only be attempted on trusted data.
+        Currently, pickle will be used when serializing UDF.
+
+
         See Also
         --------
         LazyFrame.serialize
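Review bot: The closing sentence of the new Warnings section in expr.py, `Currently, pickle will be used when serializing UDF.`, describes the condition from the serialize side even though this docstring belongs to `deserialize`, so a reader is not told when *this* call will unpickle; the same sentence appears in the lazyframe/frame.py hunk. Suggest rewording both to name the input condition, e.g. `Currently, pickle is used whenever the serialized input contains a user-defined function (UDF), so deserializing such input is only safe for data from a trusted source.`, with "presumably" dropped only once the maintainers confirm this is the sole trigger. It would also help to state in the same paragraph that `serialize` is the producing side, so readers know which outputs carry pickled payloads. The enclosing `deserialize` method starts and ends outside the hunk.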
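Review bot: The Warnings section added in lazyframe/frame.py ends with two blank `+` lines before `See Also`, whereas the parallel section in expr.py uses one; drop the second blank line so the two docstrings stay consistent and numpydoc renders them the same way. The enclosing `deserialize` method continues outside the hunk.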