Reword key/cert warning

Rand McKinney · Rand McKinney · commit f0399183816c · 2024-08-23T14:48:41.000-07:00
diff --git a/docs/getting-started.mdx b/docs/getting-started.mdx
@@ -125,7 +125,7 @@ The prerelease libraries for [Node.js](c2pa-node/), [Python](c2pa-python/), and
 Similarly, using the Rust SDK, you can [add a manifest to an asset file](https://docs.rs/c2pa/latest/c2pa/#example-adding-a-manifest-to-a-file), referencing the certificate and private key file. For a simple example of creating and signing a manifest from a C program, see the [c2c2pa repository](https://github.com/contentauth/c2c2pa).
 
 :::warning Warning
-Do not access a private key and certificate directly from the file system in production. Doing so is not secure because it exposes these sensitive files to potential attackers. Instead use a hardware security module (HSM) and optionally a Key Management Service (KMS); for example as show in the [C2PA Python Example](c2pa-python-example/).
+Accessing a private key and certificate directly from the file system is fine during development, but doing so in production may be insecure. Instead use a Key Management Service (KMS) or a hardware security module (HSM) to access the certificate and key; for example as show in the [C2PA Python Example](https://github.com/contentauth/c2pa-python-example).
 :::
 
 ### Verify known certificate list
