add more clarification to readme regarding auth modes

diff --git a/README.md b/README.md
index e3ebf6f..1e9fe7e 100644
--- a/README.md
+++ b/README.md
@@ -188,6 +188,13 @@ In those cases use:
 Rack::MiniProfiler.config.authorization_mode = :whitelist
 `‍``
 
+When deciding to fully profile a page mini profiler consults with the `authorization_mode`
+
+By default in production we attempt to set the authorization mode to `:whitelist` meaning that end user will only be able to see requests where somewhere `Rack::MiniProfiler.authorize_request` is invoked.
+
+In development we run in the `:allow_all` authorization mode meaning every request is profiled and displayed to the end user.
+
+
 ## Configuration
 
 Various aspects of rack-mini-profiler's behavior can be configured when your app boots.
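Review bot: The added production paragraph says "we attempt to set the authorization mode to `:whitelist`", which leaves the security-relevant case undocumented: a reader cannot tell from this text when the attempt does not take effect, or which mode applies then. Since this paragraph is what operators will use to judge whether profiling output can reach end users in production, state the condition under which `:whitelist` is applied and recommend setting `Rack::MiniProfiler.config.authorization_mode` explicitly when that condition may not hold. Smaller points in the same hunk: the first added sentence is missing a comma after "page" and its closing period, "where somewhere `Rack::MiniProfiler.authorize_request` is invoked" would read more clearly as "requests during which `Rack::MiniProfiler.authorize_request` is called", and the hunk adds two blank lines before `## Configuration` where one is enough. The new text is also placed directly under the "In those cases use:" code block, so it reads as part of that special case rather than as the general description of the two modes; consider moving it above that block or giving it its own heading.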

GitHub sha: 5d0618e5