Update docs/handbook/security.rst

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: aclark4life

docs/handbook/security.rst

@@ -226,8 +226,9 @@ The following mitigations are listed in priority order.
    advisories <https://github.com/python-pillow/Pillow/security/advisories>`_.
 5. **Enforce** ``MAX_IMAGE_PIXELS`` — never set it to ``None``; treat
    ``Image.DecompressionBombWarning`` as an error.
-6. **Allowlist image formats** — unregister plugins your application does not
-   need.
+6. **Allowlist image formats** — restrict accepted formats when opening
+   images, for example with ``Image.open(..., formats=...)``, and isolate
+   installs/environments if you need to minimise supported formats.
 7. **Strip metadata on output** — never pass through EXIF/XMP/ICC from user
    uploads to publicly served images.
 8. **Sanitise all metadata** returned by Pillow before using it downstream.