Update docs/specification/draft/basic/security_best_practices.mdx

Co-authored-by: Aaron Parecki <[email protected]>

Author: localden

docs/specification/draft/basic/security_best_practices.mdx

@@ -117,7 +117,7 @@ registered client before forwarding to third-party authorization servers (which
 
 ### 2.2 Token passthrough
 
-"Token passtrough" is an antipattern where a MCP server accepts tokens from a MCP client without validating that the tokens were properly issued _to the MCP server_ and "passing them through" to the downstream API.
+"Token passthrough" is an anti-pattern where an MCP server accepts tokens from an MCP client without validating that the tokens were properly issued _to the MCP server_ and "passing them through" to the downstream API.
 
 #### 2.2.1 Risks