better note on auth

Author: SamuelBellomo

Assets/Scripts/ConnectionManagement/ConnectionState/HostingState.cs

@@ -84,7 +84,8 @@ public override void OnUserRequestedShutdown()
         /// Multiple things can be done here, some asynchronously. For example, it could authenticate your user against an auth service like UGS' auth service. It can
         /// also send custom messages to connecting users before they receive their connection result (this is useful to set status messages client side
         /// when connection is refused, for example).
-        /// Implementation for those are left to the reader.
+        /// Note on authentication: It's usually harder to justify having authentication in a client hosted game's connection approval. Since the host can't be trusted,
+        /// clients shouldn't send it private authentication tokens you'd usually send to a dedicated server.
         /// </remarks>
         /// <param name="request"> The initial request contains, among other things, binary data passed into StartClient. In our case, this is the client's GUID,
         /// which is a unique identifier for their install of the game that persists across app restarts.