MANUAL.txt/security: add a note on security risks of include directives.

John MacFarlane 2021-08-20 21:43:22 -07:00
parent 07d847a910
commit 13cf02acfd


@ -6537,21 +6537,26 @@ application, here are some things to keep in mind:
writer could in principle do anything on your file system. Please
audit filters and custom writers very carefully before using them.
2. If your application uses pandoc as a Haskell library (rather than
2. Several input formats (including HTML, Org, and RST) support `include`
directives that allow the contents of a file to be included in the
output. An untrusted attacker could use these to view the contents of
files on the file system.
3. If your application uses pandoc as a Haskell library (rather than
shelling out to the executable), it is possible to use it in a mode
that fully isolates pandoc from your file system, by running the
pandoc operations in the `PandocPure` monad. See the document
[Using the pandoc API](https://pandoc.org/using-the-pandoc-api.html)
for more details.
3. Pandoc's parsers can exhibit pathological performance on some
4. Pandoc's parsers can exhibit pathological performance on some
corner cases. It is wise to put any pandoc operations under
a timeout, to avoid DOS attacks that exploit these issues.
If you are using the pandoc executable, you can add the
command line options `+RTS -M512M -RTS` (for example) to limit
the heap size to 512MB.
4. The HTML generated by pandoc is not guaranteed to be safe.
5. The HTML generated by pandoc is not guaranteed to be safe.
If `raw_html` is enabled for the Markdown input, users can
inject arbitrary HTML. Even if `raw_html` is disabled,
users can include dangerous content in URLs and attributes.
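
Review bot: The new item 2 states the risk of `include` directives but, unlike the items after it (the `PandocPure` monad, a timeout, `+RTS -M512M -RTS`), gives the reader nothing to do about it. Consider adding a sentence on handling untrusted input, for example a pointer to the `PandocPure` item that follows for library users, plus a note on what users of the executable can do. Two smaller points in the same item: "An untrusted attacker" would read better as "An attacker who controls the input", and because the format list is introduced with "including", it would help to say where the full set of affected formats is documented.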