Security Guide needs maintenance

With the default cookie store the cookie value is the session data so what becomes important is the cookie signing which I believe is a sha1 hmac by default) The rails guides (and all the docs in general) are managed via https://github.com/lifo/docrails

Open a pull request there and someone from the docs team will review it (and then generally give you commit rights). Docrails and rails itself are then synced periodically.

Fred.