diff --git a/doc/xdocs/articles.html b/doc/xdocs/articles.html
index 7644944a6c..8b283e8de1 100644
--- a/doc/xdocs/articles.html
+++ b/doc/xdocs/articles.html
@@ -27,7 +27,7 @@
 </head>
 
 <body>
-  <h1>External Web Articles covering Acegi Security<</h1>
+  <h1>External Web Articles covering Acegi Security</h1>
   <p>Here are some of the external pages mentioning Acegi Security. If you've
 	found another, please let us know.
   <ul>
diff --git a/doc/xdocs/faq.html b/doc/xdocs/faq.html
index 3927e9300d..a2f22c561b 100644
--- a/doc/xdocs/faq.html
+++ b/doc/xdocs/faq.html
@@ -46,7 +46,7 @@
 	can be easily supported.</p>
 
   <h2>Why not just use web.xml security?</h2>
-  <p>Let's assuming you're developing an enterprise application based on Spring.
+  <p>Let's assume you're developing an enterprise application based on Spring.
 	There are four security concerns you typically need to address: authentication,
 	web request security, service layer security (ie your methods that implement
 	business logic), and domain object instance security (ie different domain objects
@@ -102,8 +102,8 @@
 						so would introduce an additional argument on every services 
 						layer method. A more elegant approach is to use a ThreadLocal 
 						to hold the Principal, although this would likely increase 
-						development time to a point where it would become more e
-						conomical (on a cost-benefit basis) to simply use a dedicated 
+						development time to a point where it would become more
+						economical (on a cost-benefit basis) to simply use a dedicated 
 						security framework.</li>
 					<li><i>Authorisation code quality:</i> It is often said of web 
 						frameworks that they "make it easier to do the right things, 
@@ -117,7 +117,7 @@
 				</ol>
 				</li>
 	</ol>
-	For simple applications, servlet specification may just be enough.
+	For simple applications, servlet specification security may just be enough.
 	Although when considered within the context of web container portability, 
 	configuration requirements, limited web request security flexibility, and 
 	non-existent services layer and domain object instance security, it becomes 
@@ -148,9 +148,10 @@
 	<code>AuthenticationDao</code> implementations that simply don't properly
 	implement the interface. For example, they return <code>null</code> instead
 	of the user not found exception, or fail to add in the
-	<code>GrantedAuthority[]</code>s. We suggest you write the
-	<code>UserDetails</code> object generated by your <code>AuthenticationDao</code>
-	to the log and check it looks correct.</p>
+	<code>GrantedAuthority[]</code>s. Whilst <code>DaoAuthenticationProvider</code>
+	does its best to check the <code>AuthenticationDao</code>returns a valid 
+	<code>UserDetails</code>, we suggest you write the
+	<code>UserDetails</code> object to the log and check it looks correct.</p>
 
   <h2>I need some help. What files should I post?</h2>
   <p>The most important things to post with any support requests on the
@@ -208,7 +209,7 @@
 	Log4J (instead of JDK logging), Tapestry (instead of JSF), and Velocity/FreeMarker
 	(instead of JSP). It's important to recognise that many open source projects do
 	develop into de facto standards, and in doing so play a legitimate and beneficial
-	role in the software development profession.</p>
+	role in professional software development.</p>
 
   <h2>Do you welcome contributions?</h2>
   <p>Yes. If you've written something and it works well, please feel free to share it.
