diff --git a/server/accounts.go b/server/accounts.go
index b5069737..bd6772f7 100644
--- a/server/accounts.go
+++ b/server/accounts.go
@@ -2692,7 +2692,7 @@ func (a *Account) hasIssuer(issuer string) bool {
 
 // hasIssuerNoLock is the unlocked version of hasIssuer
 func (a *Account) hasIssuerNoLock(issuer string) bool {
-	// same issuer
+	// same issuer -- keep this for safety on the calling code
 	if a.Name == issuer {
 		return true
 	}
diff --git a/server/auth.go b/server/auth.go
index 07546933..069a5e50 100644
--- a/server/auth.go
+++ b/server/auth.go
@@ -525,7 +525,7 @@ func (s *Server) processClientOrLeafAuthentication(c *client, opts *Options) boo
 			c.Debugf("Account JWT not signed by trusted operator")
 			return false
 		}
-		// this only executes IF there's an issuer on the Juc - otherwise the account is already
+		// this only executes IF there's an issuer on the Juc - otherwise the account is already vetted
 		if juc.IssuerAccount != "" && !acc.hasIssuer(juc.Issuer) {
 			c.Debugf("User JWT issuer is not known")
 			return false