Doc: Enhanced security docs

- Added info about data protection and encryption
- disclosure practices in better detail

SECURITY.md

@@ -1,11 +1,22 @@
-# Security Policy
+Data protection / Security
+==========================
+The components of this system do never collect or store any personal data.
+
+They however exchange data you provide with the Mumble server you connect to, as well as other mumble clients, so be sure to never supply personal data like real names etc. Also never enter passwords or something like that into one of the systems components; it's all password free.
+
+The data exchanged locally (like FGFS or RadioGui to the plugin) is in plaintext, but the data the plugin sends to the Mumble server is encrypted using mumbles own facilities; however bear in mind that the server itself as well as other mumble clients can see the data in plaintext.
+
+
+Security Policy of the project
+==============================
 
 ## Supported Versions
 The project will maintain the latest stable release. Security patches are usually included in the next ordinary release.  
 Fixing security bugs has priority over other issues, so we try to fix them as soon as possible.
 
 
 ## Reporting a Vulnerability
-If you find a vulnerability, please report it as issue on the tracker, using the prefix `Security: ` so attention is rised.
+If you find a vulnerability, please report it as issue on the tracker, using the prefix `Security: ` so attention is rised.  
+If the issue is of higher danger, you should consider "responsible disclosure" (send the report privately to the project first).
 
 Please describe the issue as detailed as possible. If possible, it would be cool if you could provide a patch when reporting.