The documentation of Travis CI indicates about secure env variables that it "makes it available only on pull requests coming from the same repository. These are considered trustworthy, as only members with write access to the repository can send them.".
When checking that in a PR on the same repository, these variables aren't available, and I can see that the flag TRAVIS_SECURE_ENV_VARS is set to false.
Is the documentation wrong or incomplete, or is there anything missing to make it works?