Add more potential threats to security section of manual.

John MacFarlane 2021-08-28 21:31:51 -07:00
parent d6d7c9620a
commit 6180d42434


@ -6556,21 +6556,29 @@ application, here are some things to keep in mind:
files on the file system. (Using the `--sandbox` option can
protect against this threat.)
3. If your application uses pandoc as a Haskell library (rather than
3. Several output formats (including RTF, FB2, HTML with
`--self-contained`, EPUB, Docx, and ODT) will embed encoded
or raw images into the output file. An untrusted attacker
could exploit this to view the contents of non-image files on the
file system. (Using the `--sandbox` option can protect
against this threat, but will also prevent including images in
these formats.)
4. If your application uses pandoc as a Haskell library (rather than
shelling out to the executable), it is possible to use it in a mode
that fully isolates pandoc from your file system, by running the
pandoc operations in the `PandocPure` monad. See the document
[Using the pandoc API](https://pandoc.org/using-the-pandoc-api.html)
for more details.
4. Pandoc's parsers can exhibit pathological performance on some
5. Pandoc's parsers can exhibit pathological performance on some
corner cases. It is wise to put any pandoc operations under
a timeout, to avoid DOS attacks that exploit these issues.
If you are using the pandoc executable, you can add the
command line options `+RTS -M512M -RTS` (for example) to limit
the heap size to 512MB.
5. The HTML generated by pandoc is not guaranteed to be safe.
6. The HTML generated by pandoc is not guaranteed to be safe.
If `raw_html` is enabled for the Markdown input, users can
inject arbitrary HTML. Even if `raw_html` is disabled,
users can include dangerous content in URLs and attributes.
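Review bot: In the new item 3, "An untrusted attacker could exploit this to view the contents of non-image files" names the risk without its preconditions: the attacker has to control the input that names the image and has to be able to retrieve the generated output. Stating both would let an integrator judge whether their deployment is exposed, for example "Someone who controls the input and can obtain the output file could reference a non-image file as an image and so read its contents." "Untrusted attacker" is also redundant, so "an attacker" is enough. The `--sandbox` caveat in the same item says image inclusion is prevented "in these formats"; since the previous item recommends `--sandbox` as well, it would help to say whether the two items describe the same trade-off, so that readers do not take the image restriction to apply only when they enable the option for this threat.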