diff --git a/pash b/pash
index ff072e9..0a6c977 100755
--- a/pash
+++ b/pash
@@ -1,4 +1,4 @@
-#!/bin/sh -f
+#!/bin/sh
 #
 # pash - simple password manager.
 
@@ -204,10 +204,6 @@ main() {
     # state on exit or Ctrl+C.
     trap 'stty echo icanon' INT EXIT
 
-    # Ensure that debug mode is never enabled to
-    # prevent the password from leaking.
-    set +x
-
     case $1 in
         a*) pw_add  "$2" ;;
         c*) pw_copy "$2" ;;
@@ -219,4 +215,12 @@ main() {
     esac
 }
 
+# Ensure that debug mode is never enabled to
+# prevent the password from leaking.
+set +x
+
+# Ensure that globbing is globally disabled
+# to avoid insecurities with word-splitting.
+set -f
+
 main "$@"