
Commit c1816db

author
Joep van Delft
committed
Incorporate suggested improvements
1 parent 1af1ed7 commit c1816db

File tree

1 file changed

+3
-1
lines changed


user/best-practices-security.md

Lines changed: 3 additions & 1 deletion
@@ -7,7 +7,9 @@ permalink: /user/best-practices-security/
77
## Steps Travis CI takes to secure your data
88
Travis CI obfuscates secure environment variables and tokens displayed in the UI. Our [documentation about encryption keys](https://docs.travis-ci.com/user/encryption-keys/) outlines the build configuration we require to ensure this, however, once a VM is booted and tests are running, we have less control over what information utilities or add-ons are able to print to the VM’s standard output.
99

10-
In order to prevent leaks made by these components, we automatically filter secure environment variables and tokens that are longer than three characters at runtime, effectively removing them from the build log, displaying the string `[secure]` instead. Please be aware that if the secret is based on an easily gueassable value such as your repository name or the branch, this could lead to an inadvertant leak. We recommend to use a tool like `mkpasswd` to generate your secrets.
10+
To prevent leaks made by these components, we automatically filter secure environment variables and tokens that are longer than three characters at runtime, effectively removing them from the build log, displaying the string `[secure]` instead.
11+
12+
Please make sure your secret is never related to the repository or branch name, or any other guessable string. Ideally use a password generation tool such as `mkpasswd` instead of choosing a secret yourself.
1113

1214
## Recommendations on how to avoid leaking secrets to build logs
1315
Despite our best efforts, there are however many ways in which secure information can accidentally be exposed. These vary according to what tools you are using and what settings you have enabled. Some things to look out for are:
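Review bot: the replacement paragraph (the two `+` lines) drops the rationale the removed line carried, namely that a secret based on a guessable value "could lead to an inadvertent leak"; without it, the reader is told to avoid repository- or branch-derived secrets but not why it matters for the `[secure]` filtering described just above. Suggest keeping a short clause, for example "Please make sure your secret is never related to the repository or branch name, or any other guessable string, since such a value can be inferred even when the log shows `[secure]`." Minor: "Ideally use" reads better as "Ideally, use". The removal of the misspellings "gueassable" and "inadvertant" is welcome.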
