diff --git a/doc/flatpak-builder.xml b/doc/flatpak-builder.xml
index 8ae33f55..847bb57e 100644
--- a/doc/flatpak-builder.xml
+++ b/doc/flatpak-builder.xml
@@ -474,7 +474,9 @@
 
                 <listitem><para>
                     Erase the previous contents of DIRECTORY if it is
-                    not empty.
+                    not empty. Since 1.4.6, deletion will be refused
+                    if DIRECTORY is the current working directory, the
+                    state directory, or any of their parent directories.
                 </para></listitem>
             </varlistentry>
 
diff --git a/src/builder-main.c b/src/builder-main.c
index 606e4d33..876d507c 100644
--- a/src/builder-main.c
+++ b/src/builder-main.c
@@ -862,6 +862,18 @@ main (int    argc,
         {
           if (opt_force_clean)
             {
+              GFile *state_dir = builder_context_get_state_dir (build_context);
+
+              if (g_file_equal (app_dir, state_dir) ||
+                  g_file_equal (app_dir, cwd_dir) ||
+                  g_file_has_prefix (cwd_dir, app_dir) ||
+                  g_file_has_prefix (state_dir, app_dir))
+                {
+                  g_printerr ("Refusing to delete current working directory, state directory "
+                              "or their parents\n");
+                  return 1;
+                }
+
               g_print ("Emptying app dir '%s'\n", app_dir_path);
               if (!flatpak_rm_rf (app_dir, NULL, &error))
                 {