Update text around default policy to make it clear that it is user-modifiable

website/source/docs/concepts/policies.html.md

@@ -368,9 +368,9 @@ wrapping mandatory for a particular path.
     wrapped response.
 
 If both are specified, the minimum value must be less than the maximum. In
-addition, if paths are merged from different stanzas, the lowest value specified
-for each is the value that will result, in line with the idea of keeping token
-lifetimes as short as possible.
+addition, if paths are merged from different stanzas, the lowest value
+specified for each is the value that will result, in line with the idea of
+keeping token lifetimes as short as possible.
 
 ## Builtin Policies
 
@@ -379,10 +379,17 @@ the two builtin policies.
 
 ### Default Policy
 
-The `default` policy is a builtin Vault policy that cannot be modified or
-removed. By default, it is attached to all tokens, but may be explicitly
-detached at creation time. The policy contains basic functionality such as the
-ability for the token to lookup data about itself and to use its cubbyhole data.
+The `default` policy is a builtin Vault policy that cannot be removed. By
+default, it is attached to all tokens, but may be explicitly excluded at token
+creation time by supporting authentication methods.
+
+The policy contains basic functionality such as the ability for the token to
+look up data about itself and to use its cubbyhole data. However, Vault is not
+proscriptive about its contents. It can be modified to suit your needs; Vault
+will never overwrite your modifications. If you want to stay up-to-date with
+the latest upstream version of the `default` policy, simply read the contents
+of the policy from an up-to-date `dev` server, and write those contents into
+your Vault's `default` policy.
 
 To view all permissions granted by the default policy on your Vault
 installation, run: