diff --git a/scripts/user/account_admin.php b/scripts/user/account_admin.php index bb0b060940..e980b5cefe 100755 --- a/scripts/user/account_admin.php +++ b/scripts/user/account_admin.php @@ -123,7 +123,7 @@ if (strlen($password)) { $is_system_agent = $user->getIsSystemAgent(); $set_system_agent = phutil_console_confirm( - 'Should this user be a system agent?', + 'Is this user a bot/script?', $default_no = !$is_system_agent); $verify_email = null; @@ -163,7 +163,7 @@ printf($tpl, 'Password', null, printf( $tpl, - 'System Agent', + 'Bot/Script', $original->getIsSystemAgent() ? 'Y' : 'N', $set_system_agent ? 'Y' : 'N'); diff --git a/src/applications/people/controller/PhabricatorPeopleListController.php b/src/applications/people/controller/PhabricatorPeopleListController.php index 63b7c21c89..b0db5d7f62 100644 --- a/src/applications/people/controller/PhabricatorPeopleListController.php +++ b/src/applications/people/controller/PhabricatorPeopleListController.php @@ -81,7 +81,7 @@ final class PhabricatorPeopleListController extends PhabricatorPeopleController } if ($user->getIsSystemAgent()) { - $item->addIcon('computer', pht('System Agent')); + $item->addIcon('computer', pht('Bot/Script')); } if ($viewer->getIsAdmin()) { diff --git a/src/applications/people/query/PhabricatorPeopleSearchEngine.php b/src/applications/people/query/PhabricatorPeopleSearchEngine.php index c127470937..9b5ea5337d 100644 --- a/src/applications/people/query/PhabricatorPeopleSearchEngine.php +++ b/src/applications/people/query/PhabricatorPeopleSearchEngine.php @@ -108,7 +108,7 @@ final class PhabricatorPeopleSearchEngine ->addCheckbox( 'isAdmin', 1, - pht('Show only Administrators.'), + pht('Show only administrators.'), $is_admin) ->addCheckbox( 'isDisabled', @@ -118,7 +118,7 @@ final class PhabricatorPeopleSearchEngine ->addCheckbox( 'isSystemAgent', 1, - pht('Show only System Agents.'), + pht('Show only bots.'), $is_system_agent) ->addCheckbox( 'needsApproval', 
diff --git a/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php b/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php index 5c7ec10629..78f2c9ee8a 100644 --- a/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php +++ b/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php @@ -185,7 +185,7 @@ final class PhabricatorTypeaheadCommonDatasourceController if ($user->getIsDisabled()) { $closed = pht('Disabled'); } else if ($user->getIsSystemAgent()) { - $closed = pht('System Agent'); + $closed = pht('Bot/Script'); } $result = id(new PhabricatorTypeaheadResult()) diff --git a/src/docs/tech/chatbot.diviner b/src/docs/tech/chatbot.diviner index bd095fb939..a372e14295 100644 --- a/src/docs/tech/chatbot.diviner +++ b/src/docs/tech/chatbot.diviner @@ -63,7 +63,7 @@ servers and in different languages. To allow the bot to access Conduit, you need to create a user that it can login with. To do this, login to Phabricator as an administrator and go to ##People -> Create New Account##. Create a new account and flag them as a -"System Agent". Then in your configuration file, set these parameters: +"Bot/Script". Then in your configuration file, set these parameters: - ##conduit.uri## The URI for your Phabricator install, like ##http://phabricator.example.com/## diff --git a/src/docs/user/userguide/users.diviner b/src/docs/user/userguide/users.diviner index 3de5958a9e..8d1e28aedb 100644 --- a/src/docs/user/userguide/users.diviner +++ b/src/docs/user/userguide/users.diviner 
@@ -1,50 +1,59 @@ @title User Guide: Account Roles @group userguide -Describes account roles like "Administrator", "Disabled" and "System Agent". +Describes account roles like "Administrator", "Disabled" and "Bot". = Overview = When you create a user account, you can set roles like "Administrator", -"Disabled" or "System Agent". This document explains what these roles mean. +"Disabled" or "Bot". This document explains what these roles mean. = Administrators = -**Administrators** are normal users with extra capabilities. They have access -to some tools and workflows that normal users don't, which they can use to -debug and configure Phabricator. For example, they have access to: +**Administrators** are normal users with a few extra capabilities. Their primary +role is to keep things running smoothly, and they are not all-powerful. In +Phabricator, administrators are more like //janitors//. - - **Account Management**: The primary function of administrators is adding, - disabling, and managing user accounts. Administrators can create and edit - accounts and view access logs. - - **Repositories**: Administrators can configure repositories. This isn't - normally available because it is specialized and complicated to configure. - -Administrators have a few other minor capabilities in other tools. When you are -in an administrative interface, the menu bar is red. +Administrators can create, delete, enable, disable, and approve user accounts. +Various applications have a few other capabilities which are reserved for +administrators by default, but these can be changed to provide access to more +or fewer users. Administrators are **not** in complete control of the system. Administrators -**can not** login as other users or act on behalf of other users. Administrators -**can not** bypass object privacy policies. +**can not** login as other users or act on behalf of other users. They can not +destroy data or make changes without leaving an audit trail. 
Administrators also +can not bypass object privacy policies. + +Limiting the power of administrators means that administrators can't abuse +their power (they have very little power to abuse), a malicious administrator +can't do much damage, and an attacker who compromises an administrator account +is limited in what they can accomplish. NOTE: Administrators currently //can// act on behalf of other users via Conduit. This will be locked down at some point. -= System Agents = += Bot/Script Accounts = -**System Agents** are accounts for bots and scripts which need to interface -with the system but are not regular users. Generally, when you write scripts -that use Conduit (like the IRC bot), you should create a System Agent account -for them. System agents: +**Bot/Script** accounts are accounts for bots and scripts which need to +interface with the system, but are not regular users. Generally, when you write +scripts that use Conduit (like the IRC bot), you should create a Bot/Script +account for them. - - **can not login** (they //can// access API methods via Conduit); - - **can not review diffs or own tasks**; - - **do not appear in CC tokenzers**. +These accounts were previously called "System Agents", but were renamed to make +things more clear. -Currently, the **System Agent** role for an account can not be changed after the -account is created. This prevents administrators form changing a normal user -into a system agent, retrieving their Conduit certificate, and then changing -them back (which would allow administrators to gain other users' credentials). +The **Bot/Script** role for an account can not be changed after the account is +created. This prevents administrators form changing a normal user into a bot, +retrieving their Conduit certificate, and then changing them back (which +would allow administrators to gain other users' credentials). 
+ +**Bot/Script** accounts differ from normal accounts in that: + + - administrators can access them, edit settings, and retrieve credentials; + - they do not receive email; + - they appear with lower precedence in the UI when selecting users, with + a "Bot" note (because i t usually does not make sense to, for example, + assign a task to a bot). = Disabled Users = @@ -53,14 +62,14 @@ someone leaves a project (e.g., leaves your company, or their internship or contract ends) you should disable their account to terminate their access to the system. Disabled users: - - **can not login**; - - **can not access Conduit**; - - **do not receive email**; - - **do not appear in owner/reviewer/CC tokenizers**. + - can not login; + - can not access Conduit; + - do not receive email; and + - appear with lower precedence in the UI when selecting users, with a + "Disabled" note (because it usually does not make sense to, for example, + assign a task to a disabled user). -Users can only be disabled (not deleted) because there are a number of workflows -that don't make sense if their account is completely deleted, like: finding old -revisions or tasks that they were responsible for (so you can get someone else -to take care of them); identifying them as the author of their changes; and -restoring all their data if they rejoin the project (e.g., they are later -re-hired, maybe as a full time employee after an internship). +While users can also be deleted, it is strongly recommended that you disable +them instead if they interacted with any objects in the system. If you delete a +user entirely, you won't be able to find things they used to own or restore +their data later if they rejoin the project.
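Review bot: The new prompt 'Is this user a bot/script?' in scripts/user/account_admin.php (hunk @@ -123) does not tell the operator that the answer is meant to be permanent, although users.diviner in this same patch states that the role "can not be changed after the account is created". The summary table in hunk @@ -163 still prints an original and a new value for the flag ($original->getIsSystemAgent() next to $set_system_agent), which suggests the script can change the flag on an existing account. If it can, the documentation's guarantee about administrators not being able to convert a user and retrieve their Conduit certificate should state that it covers the web UI only. If it cannot, the prompt should be skipped for existing accounts. Either way, say in the prompt text that the choice is fixed at creation.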
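Review bot: The renamed label is spelled three different ways across the patch. PhabricatorPeopleListController and PhabricatorTypeaheadCommonDatasourceController use pht('Bot/Script'), PhabricatorPeopleSearchEngine uses pht('Show only bots.'), and users.diviner uses "Bot" in its summary line, its Overview and the new bullet that says these accounts appear 'with a "Bot" note'. The typeahead hunk sets $closed = pht('Bot/Script'), so the note the documentation describes is not the string the UI renders. Pick one spelling for the role name and use it in the search checkbox and in users.diviner as well, so that an administrator filtering for these accounts sees the same term the docs and list view use.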
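Review bot: The rewritten Administrators section of users.diviner contradicts itself on deletion. It says administrators "can create, delete, enable, disable, and approve user accounts" and then that they "can not destroy data or make changes without leaving an audit trail", while the new closing paragraph of the file says that after deleting a user "you won't be able to find things they used to own or restore their data later". Reword the "can not destroy data" sentence to state what is actually protected. Separately, the new paragraph claiming that an attacker who compromises an administrator account "is limited in what they can accomplish" sits directly above the unchanged NOTE that administrators currently can act on behalf of other users via Conduit. The new paragraph should point at that exception rather than read as unconditional.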
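Review bot: The Bot/Script Accounts section of users.diviner removes the "can not login" and "can not review diffs or own tasks" bullets without saying whether that behavior changed, and no code in this patch touches login or review handling. If bots still cannot log in, keep that bullet, since it is the property readers rely on when deciding what a leaked bot password is worth. The new bullet "administrators can access them, edit settings, and retrieve credentials" is the security-relevant difference and deserves one more sentence: a bot's Conduit credentials are effectively shared with every administrator, so actions taken by a bot account cannot be attributed to a single person and the account should be given only the access its script needs. Two typos in the added lines as well: "form changing" should be "from changing", and "because i t usually" should be "because it usually".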