diff --git a/doc/classes/PacketPeer.xml b/doc/classes/PacketPeer.xml
index bad350ffb10..1e809b4e27c 100644
--- a/doc/classes/PacketPeer.xml
+++ b/doc/classes/PacketPeer.xml
@@ -60,6 +60,8 @@
 	</methods>
 	<members>
 		<member name="allow_object_decoding" type="bool" setter="set_allow_object_decoding" getter="is_object_decoding_allowed">
+			If [code]true[/code] the PacketPeer will allow encoding and decoding of object via [method get_var] and [method put_var].
+			[b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
 		</member>
 	</members>
 	<constants>
diff --git a/scene/main/scene_tree.cpp b/scene/main/scene_tree.cpp
index c48b508a5ea..3f63e22e42e 100644
--- a/scene/main/scene_tree.cpp
+++ b/scene/main/scene_tree.cpp
@@ -1820,10 +1820,10 @@ void SceneTree::_rpc(Node *p_from, int p_to, bool p_unreliable, bool p_set, cons
 
 	if (p_set) {
 		//set argument
-		Error err = encode_variant(*p_arg[0], NULL, len);
+		Error err = encode_variant(*p_arg[0], NULL, len, !network_peer->is_object_decoding_allowed());
 		ERR_FAIL_COND(err != OK);
 		MAKE_ROOM(ofs + len);
-		encode_variant(*p_arg[0], &packet_cache[ofs], len);
+		encode_variant(*p_arg[0], &packet_cache[ofs], len, !network_peer->is_object_decoding_allowed());
 		ofs += len;
 
 	} else {
@@ -1832,10 +1832,10 @@ void SceneTree::_rpc(Node *p_from, int p_to, bool p_unreliable, bool p_set, cons
 		packet_cache[ofs] = p_argcount;
 		ofs += 1;
 		for (int i = 0; i < p_argcount; i++) {
-			Error err = encode_variant(*p_arg[i], NULL, len);
+			Error err = encode_variant(*p_arg[i], NULL, len, !network_peer->is_object_decoding_allowed());
 			ERR_FAIL_COND(err != OK);
 			MAKE_ROOM(ofs + len);
-			encode_variant(*p_arg[i], &packet_cache[ofs], len);
+			encode_variant(*p_arg[i], &packet_cache[ofs], len, !network_peer->is_object_decoding_allowed());
 			ofs += len;
 		}
 	}
@@ -2018,7 +2018,7 @@ void SceneTree::_network_process_packet(int p_from, const uint8_t *p_packet, int
 
 					ERR_FAIL_COND(ofs >= p_packet_len);
 					int vlen;
-					Error err = decode_variant(args[i], &p_packet[ofs], p_packet_len - ofs, &vlen);
+					Error err = decode_variant(args[i], &p_packet[ofs], p_packet_len - ofs, &vlen, network_peer->is_object_decoding_allowed());
 					ERR_FAIL_COND(err != OK);
 					//args[i]=p_packet[3+i];
 					argp[i] = &args[i];
@@ -2044,7 +2044,7 @@ void SceneTree::_network_process_packet(int p_from, const uint8_t *p_packet, int
 				ERR_FAIL_COND(ofs >= p_packet_len);
 
 				Variant value;
-				decode_variant(value, &p_packet[ofs], p_packet_len - ofs);
+				decode_variant(value, &p_packet[ofs], p_packet_len - ofs, NULL, network_peer->is_object_decoding_allowed());
 
 				bool valid;