diff --git a/qt/aqt/sound.py b/qt/aqt/sound.py
index c5d1649e8..386767a30 100644
--- a/qt/aqt/sound.py
+++ b/qt/aqt/sound.py
@@ -177,16 +177,28 @@ class AVPlayer:
         self._stop_if_playing()
 
     def play_file(self, filename: str) -> None:
-        self.play_tags([SoundOrVideoTag(filename=os.path.basename(filename))])
+        """Play the provided path.
+
+        SECURITY: Filename may be an arbitrary path. For filenames coming from a collection,
+        you should only ever use the os.path.basename(filename) as the filename."""
+        self.play_tags([SoundOrVideoTag(filename=filename)])
 
     def play_file_with_caller(self, filename: str, caller: Any) -> None:
+        """Play the provided path, noting down the caller.
+
+        SECURITY: Filename may be an arbitrary path. For filenames coming from a collection,
+        you should only ever use the os.path.basename(filename) as the filename."""
         if self.current_caller:
             self.current_caller_interrupted = True
         self.current_caller = caller
         self.play_file(filename)
 
     def insert_file(self, filename: str) -> None:
-        self._enqueued.insert(0, SoundOrVideoTag(filename=os.path.basename(filename)))
+        """Place the provided path at the top of the playlist.
+
+        SECURITY: Filename may be an arbitrary path. For filenames coming from a collection,
+        you should only ever use the os.path.basename(filename) as the filename."""
+        self._enqueued.insert(0, SoundOrVideoTag(filename=filename))
         self._play_next_if_idle()
 
     def toggle_pause(self) -> None:
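Review bot: `play_file` and `insert_file` now pass `filename` through unmodified, so the `os.path.basename()` confinement they used to apply is enforced only by the new docstring. Any existing caller that passes a name taken from collection content silently loses that confinement, and new callers get the unsafe behaviour by default; the callers are outside this hunk, so each one needs checking. Consider keeping the safe default and making the arbitrary-path case an explicit opt-in, for example `def play_file(self, filename: str, *, allow_path: bool = False) -> None:` with `name = filename if allow_path else os.path.basename(filename)`, and the same for `insert_file`. `play_file_with_caller` only forwards to `play_file`, so it would inherit whichever rule is chosen.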