diff --git a/.circleci/config.yml b/.circleci/config.yml
index 7bc10c86..a63a315b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -12,9 +12,6 @@ jobs:
 - run:
 name: "Enforce Go Formatted Code"
 command: "! go fmt github.com/zegl/kube-score/... 2>&1 | read"
- - run:
- name: "Upload test coverage results"
- command: bash <(curl -s https://codecov.io/bash)
 
 workflows:
 version: 2
diff --git a/.codecov.yaml b/.codecov.yaml
deleted file mode 100644
index ce33bf10..00000000
--- a/.codecov.yaml
+++ /dev/null
@@ -1 +0,0 @@
-comment: off
\ No newline at end of file
diff --git a/score/security/security.go b/score/security/security.go
index cbcf4bda..1702a9a7 100644
--- a/score/security/security.go
+++ b/score/security/security.go
@@ -50,9 +50,9 @@ func containerSecurityContext(podTemplate corev1.PodTemplateSpec, typeMeta metav
 }
 }
 
- if sec.Privileged == nil || *sec.Privileged {
+ if sec.Privileged != nil && *sec.Privileged {
 hasPrivileged = true
- score.AddComment(container.Name, "The container is privileged", "Set securityContext.privileged to false")
+ score.AddComment(container.Name, "The container is privileged", "Set securityContext.privileged to false. Privileged containers can access all devices on the host, and grants almost the same access as non-containerized processes on the host.")
 }
 
 if sec.ReadOnlyRootFilesystem == nil || *sec.ReadOnlyRootFilesystem == false {
diff --git a/score/security_test.go b/score/security_test.go
index 01982f84..1ac9429d 100644
--- a/score/security_test.go
+++ b/score/security_test.go
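Review bot: The rewritten condition `if sec.Privileged != nil && *sec.Privileged {` adopts the Kubernetes API default (an unset privileged field means false), while the adjacent `if sec.ReadOnlyRootFilesystem == nil || ...` on the last context line still treats an unset field as a failure, and nothing in the code records why the two nil cases are handled differently. A one-line comment above the new `if` would prevent the next reader from "fixing" one to match the other, e.g. `// Privileged is false by API default, so only an explicit true is flagged; ReadOnlyRootFilesystem below differs because its default (false) is the insecure choice.` The added description string also has a subject/verb mismatch: `Privileged containers can access all devices on the host, and grant almost the same access as non-containerized processes on the host.`; the same literal is asserted verbatim in score/security_test.go in this commit, so both copies must change together. containerSecurityContext starts and ends outside the hunk.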
@@ -71,17 +71,7 @@ func TestPodSecurityContext(test *testing.T) {
 },
 },
 
- // Context is non nul, but has all null values
- {
- ctx: &corev1.SecurityContext{},
- expectedGrade: 1,
- expectedComment: &scorecard.TestScoreComment{
- Path: "foobar",
- Summary: "The container is privileged",
- Description: "Set securityContext.privileged to false",
- },
- },
- // Context is non nul, but has all null values
+ // Context is non-null, but has all null values
 {
 ctx: &corev1.SecurityContext{},
 expectedGrade: 1,
@@ -145,6 +135,52 @@ func TestPodSecurityContext(test *testing.T) {
 Description: "A groupid above 10 000 is recommended to avoid conflicts with the host. Set securityContext.runAsGroup to a value > 10000",
 },
 },
+
+ // Privileged defaults to "false"
+ {
+ ctx: &corev1.SecurityContext{
+ ReadOnlyRootFilesystem: b(true),
+ RunAsNonRoot: b(true),
+ },
+ podCtx: &corev1.PodSecurityContext{
+ RunAsUser: i(20000),
+ RunAsGroup: i(20000),
+ },
+ expectedGrade: scorecard.GradeAllOK,
+ },
+
+ // Privileged explicitly set to "false"
+ {
+ ctx: &corev1.SecurityContext{
+ ReadOnlyRootFilesystem: b(true),
+ RunAsNonRoot: b(true),
+ Privileged: b(false),
+ },
+ podCtx: &corev1.PodSecurityContext{
+ RunAsUser: i(20000),
+ RunAsGroup: i(20000),
+ },
+ expectedGrade: scorecard.GradeAllOK,
+ },
+
+ // Privileged explicitly set to "true"
+ {
+ ctx: &corev1.SecurityContext{
+ ReadOnlyRootFilesystem: b(true),
+ RunAsNonRoot: b(true),
+ Privileged: b(true),
+ },
+ podCtx: &corev1.PodSecurityContext{
+ RunAsUser: i(20000),
+ RunAsGroup: i(20000),
+ },
+ expectedGrade: scorecard.GradeCritical,
+ expectedComment: &scorecard.TestScoreComment{
+ Path: "foobar",
+ Summary: "The container is privileged",
+ Description: "Set securityContext.privileged to false. Privileged containers can access all devices on the host, and grants almost the same access as non-containerized processes on the host.",
+ },
+ },
 }
 
 for caseID, tc := range tests {
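Review bot: The `Privileged explicitly set to "true"` case pins the full recommendation sentence from score/security/security.go as its expected `Description`, so any rewording of that advice (the new text already needs a grammar fix) breaks the test in a second place; either assert on `Summary` alone as the stable identifier, or move the sentence into a constant that the scorer and the test share. The three added cases also repeat the same `podCtx` and the same `ReadOnlyRootFilesystem`/`RunAsNonRoot` baseline, so a small helper returning that baseline context would leave the `Privileged` value as the only visible difference between them, which is what the comments above each case are trying to express. The retained empty-context case earlier in the file still uses the literal `expectedGrade: 1` where the new cases use `scorecard.GradeCritical`; the named constant is clearer. The loop beginning at `for caseID, tc := range tests {` continues outside the hunk.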