Add notes on security

Author: wooorm

readme.md

@@ -69,6 +69,11 @@ Check if the given value is [*phrasing*][spec] content.
 
 `boolean` — Whether `node` passes the test.
 
+## Security
+
+`hast-util-phrasing` does not change the syntax tree so there are no openings
+for [cross-site scripting (XSS)][xss] attacks.
+
 ## Contribute
 
 See [`contributing.md` in `syntax-tree/.github`][contributing] for ways to get
@@ -128,3 +133,5 @@ abide by its terms.
 [hast]: https://github.com/syntax-tree/hast
 
 [node]: https://github.com/syntax-tree/hast#nodes
+
+[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting