Clarify and add security note about PersistSecurityInfo (#7546)

Author: nycdotnet

xml/System.Data.SqlClient/SqlConnectionStringBuilder.xml

@@ -2017,14 +2017,17 @@ False
         <ReturnType>System.Boolean</ReturnType>
       </ReturnValue>
       <Docs>
-        <summary>Gets or sets a Boolean value that indicates if security-sensitive information, such as the password, is not returned as part of the connection if the connection is open or has ever been in an open state.</summary>
-        <value>The value of the <see cref="P:System.Data.SqlClient.SqlConnectionStringBuilder.PersistSecurityInfo" /> property, or <see langword="false" /> if none has been supplied.</value>
+        <summary>Gets or sets a value indicating if security-sensitive information, such as the password or access token, should be returned as part of the connection string on a connection created with this <see cref="T:System.Data.SqlClient.SqlConnectionStringBuilder" /> after that connection has ever been in an open state.</summary>
+        <value><see langword="true" /> if security-sensitive information should be returned as part of the connection string; otherwise, <see langword="false" />. The default is <see langword="false" />.</value>
         <remarks>
           <format type="text/markdown"><![CDATA[
 
 ## Remarks
  This property corresponds to the "Persist Security Info" and "persistsecurityinfo" keys within the connection string.
 
+> [!NOTE]
+> This property should only be set to `true` if your application has a specific need to read the password out of an already-opened database connection. The default value of `false` is the more secure setting. Using `true` for this property opens your application to security risks, such as accidentally logging or tracing the database password.
+
  ]]></format>
         </remarks>
         <related type="Article" href="/dotnet/framework/data/adonet/connection-strings">Connection Strings in ADO.NET</related>