reward security section

w-e-w 2024-10-22 19:02:29 +09:00
parent dadf8d0a83
commit 8d34abe419

@ -18,7 +18,20 @@ For developing extensions, see [Developing extensions](https://github.com/AUTOMA
# Security
As extensions allow the user to install and run arbitrary code, this can be used maliciously, and is disabled by default when running with options that allow remote users to connect to the server (`--share` or `--listen`) - you'll still have the UI, but trying to install anything will result in error. If you want to use those options and still be able to install extensions, use `--enable-insecure-extension-access` command line flag.
Allowing the installation of extensions poses a significant security risk, as it is equivalent to permitting [Arbitrary code execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution), which can be exploited maliciously. Therefore, we disable the ability to install extensions (along with other risky operations) when the WebUI is accessible remotely.
In practice, this means that if you use command line flags such as `--share` or `--listen` to make the WebUI accessible from another computer, the installation of extensions will be blocked. returning the following error message:
```
extension access disabled because of command line flags
```
However, in some cases, you may need to install extensions remotely. If so, you can bypass this restriction by using the [command-line flag](https://github.com/AUTOMATIC1111/stable-diffusion-webui/wiki/Command-Line-Arguments-and-Settings) `--enable-insecure-extension-access`, which overrides the default behavior.
```
--enable-insecure-extension-access
```
### Important: It is highly recommended NOT to use the `--enable-insecure-extension-access` during regular use. Only enable it when necessary, and disable it immediately once it is no longer required.
# Extensions
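Review bot: In the paragraph starting "In practice", the sentence breaks at "will be blocked. returning the following error message:"; join it as "will be blocked, returning the following error message:". The closing warning is written as a `###` heading, which puts a full sentence into the page outline between `# Security` and `# Extensions`. Bold text would fit better there, and "the `--enable-insecure-extension-access`" is missing the word "flag". The phrase "(along with other risky operations)" leaves the reader guessing what else is blocked, so either list those operations or link to where they are described. Since the section equates extension installation with arbitrary code execution, the paragraph introducing the override should also say plainly that with the flag set, anyone who can reach the WebUI over `--share` or `--listen` can install extensions.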