
Clarify security model

Open · SamWhited opened this issue 6 years ago · 1 comment

The readme says:

[Blackfriday] is paranoid about its input (so you can safely feed it user-supplied data)

but a bit further down it says:

Blackfriday itself does nothing to protect against malicious content. If you are dealing with user-supplied markdown, we recommend running Blackfriday's output through an HTML sanitizer such as Bluemonday.

I understand that it's obviously not safe to allow arbitrary user-supplied Markdown which may include malicious HTML, but the previous two statements are both rather vague and appear to be in conflict.

It would be nice to have the README or godoc documentation clearly state, in one place, exactly what the security model is. For example, if I use the SkipHTML option, does that make it safe without bluemonday? Is the default policy safe or unsafe if I supply no extra options? What sort of escaping and unescaping does it do? Etc.

SamWhited avatar May 26 '18 17:05 SamWhited

I think it is clarified a bit further below under "Features":

NOTE: "safety" in this context means runtime safety only. In order to protect yourself against JavaScript injection in untrusted content, see this example.

However, I think the first paragraph of the README should be changed, as this may be misunderstood and the details further below overlooked.

bjarnemagnussen avatar Feb 04 '21 13:02 bjarnemagnussen