Suitability updates

Author: binford2k

README.md

@@ -52,21 +52,20 @@ function as needed.
 ## Suitability
 
 Please note that `node_encrypt` is ***not a security panacea***. It will encrypt
-your secrets in the catalog file on disk using the node's certificate, also on
-disk. This means that if an attacker gains root level access to your filesystem,
-then they can likely read both the encrypted secrets and the key used to decrypt
-them.
+your secrets in the catalog file on disk using the node's certificate, but the
+corresponding private key is also on disk in clear text. This means that if an
+attacker gains root level access to your filesystem, then they can likely read
+both the encrypted secrets and the key required to decrypt them.
 
 | ⚠️ **Warning:** |
 |-----------------|
 | *`node_encrypt` will only protect you in cases where an attacker has access to the catalog file, but not to the node's private certificate.* |
 
 Some of the cases protected by `node_encrypt` might include:
 
-* Filesystem backup
 * Using the catalog files for certain kinds of [impact analysis](https://dev.to/camptocamp-ops/automated-puppet-impact-analysis-1c1)
 * Making catalogs available for troubleshooting with catalog diff
-* Retrieving catalogs from [PuppetDB via API](https://puppet.com/docs/puppetdb/latest/api/query/v4/catalogs.html)
+* Integrations that retrieve catalogs from [PuppetDB via API](https://puppet.com/docs/puppetdb/latest/api/query/v4/catalogs.html)
 
 If you have more stringent security requirements, we suggest integrating with a purpose
 built secret server. See [docs](https://puppet.com/docs/puppet/latest/integrations_with_secret_stores.html) for more details.