Security Guide needs maintenance

With the default cookie store the cookie value is the session data so what becomes important is the cookie signing which I believe is a sha1 hmac by default) The rails guides (and all the docs in general) are managed via

Open a pull request there and someone from the docs team will review it (and then generally give you commit rights). Docrails and rails itself are then synced periodically.