diff --git a/msal/application.py b/msal/application.py
index c58678ca..b4371c63 100644
--- a/msal/application.py
+++ b/msal/application.py
@@ -1840,7 +1840,17 @@ def acquire_token_by_username_password(
 
             - A successful response would contain "access_token" key,
             - an error response would contain "error" and usually "error_description".
+        
+        [Deprecated] This API is deprecated for public client flows and will be 
+        removed in a future release. Use a more secure flow instead. 
+        Migration guide: https://aka.ms/msal-ropc-migration
+
         """
+        is_confidential_app = self.client_credential or isinstance(
+            self, ConfidentialClientApplication)
+        if not is_confidential_app:
+            warnings.warn("""This API has been deprecated for public client flows, please use a more secure flow.
+        See https://aka.ms/msal-ropc-migration for migration guidance""", DeprecationWarning)
         claims = _merge_claims_challenge_and_capabilities(
                 self._client_capabilities, claims_challenge)
         if self._enable_broker and sys.platform in ("win32", "darwin"):