react to feedback

Author: Rick Anderson

docs/code-quality/ca2302.md

@@ -30,6 +30,9 @@ This rule is similar to [CA2301](ca2301.md), but analysis can't determine if the
 
 By default, this rule analyzes the entire codebase, but this is [configurable](#configurability).
 
+> [!WARNING]
+> Restricting types with a SerializationBinder can't prevent all attacks. For more information, see the [BinaryFormatter security guide](/dotnet/standard/serialization/binaryformatter-security-guide).
+
 ## Rule description
 
 [!INCLUDE[insecure-deserializers-description](includes/insecure-deserializers-description-md.md)]

docs/code-quality/ca2311.md

@@ -28,6 +28,9 @@ A <xref:System.Runtime.Serialization.NetDataContractSerializer?displayProperty=n
 
 By default, this rule analyzes the entire codebase, but this is [configurable](#configurability).
 
+> [!WARNING]
+> Restricting types with a SerializationBinder can't prevent all attacks. For more information, see the [BinaryFormatter security guide](/dotnet/standard/serialization/binaryformatter-security-guide).
+
 ## Rule description
 
 [!INCLUDE[insecure-deserializers-description](includes/insecure-deserializers-description-md.md)]

docs/code-quality/ca2312.md

@@ -30,6 +30,9 @@ This rule is similar to [CA2311](ca2311.md), but analysis can't determine if the
 
 By default, this rule analyzes the entire codebase, but this is [configurable](#configurability).
 
+> [!WARNING]
+> Restricting types with a SerializationBinder can't prevent all attacks. For more information, see the [BinaryFormatter security guide](/dotnet/standard/serialization/binaryformatter-security-guide).
+
 ## Rule description
 
 [!INCLUDE[insecure-deserializers-description](includes/insecure-deserializers-description-md.md)]