Re-word some things and be consistent with "SHA" vs "SHA-1"

Author: johnwalthallbb

.gitignore

@@ -93,7 +93,7 @@ Here are some code examples.
 
 :::caution
 A particular source of confusion, and many examples on the Internet stumble on this confusion, is that the SHA-1 output
-must be bytes, not a hex string. If the programming language or library you choose returns a hex string for SHA1, then
+must be bytes, not a hex string. If the programming language or library you choose returns a hex string for SHA-1, then
 it must be recast as a byte array. That is to say: `EF` must be a single byte: `239` (unsigned), not a pair of bytes
 equal to unsigned `69` (the '`E`') and `70` (the '`F`'.)
 :::

docs/blackboard/sis/sis-password-hashes.md

@@ -26,9 +26,11 @@ These are usually used in an event-driven workflow.
 
 ## Security
 
-SIS is effectively infinitely powerful. It can create, remove, or delete anything. SIS data files also contain highly 
-sensitive data and access to them should be strictly controlled. (Note: Support may require the feed file for problem
-investigation.) 
+SIS activity occurs at a high level of privilege. It can create, remove, or delete anything. A user that gains access to
+an SIS username and password could send arbitrary data files that cause arbitrary changes. 
+
+SIS data files also contain potentially sensitive data and access to them should be strictly controlled. (Note: Support
+may require the feed file for problem investigation.) 
 
 One particular case is setting passwords by SIS. They can be supplied in cleartext, but this is not recommended and they
 should be provided in [hashed form.](sis-password-hashes.md)