Fill out the security section of the format spec.
Much of the material presented here has been covered by Mark Pilgrim in his post on consuming RSS Safely:
Security is more than just encryption and signatures.
Add the following text to "10 Security Considerations"
Added a line about removing 'onLoad' attributes and their ilk.