Apply suggestions from code review

Co-authored-by: Den Delimarsky 🌺 <[email protected]>

Author: pcarleton

docs/specification/draft/basic/authorization.mdx

@@ -255,7 +255,8 @@ Servers **MUST** return appropriate HTTP status codes for authorization errors:
 
 ## 3. Security Considerations
 
-Implementations **MUST** follow OAuth 2.1 security best practices.
+Implementations **MUST** follow OAuth 2.1 security best practices. Refer to
+[RFC9700](https://datatracker.ietf.org/doc/html/rfc9700) for details.
 
 ### 3.1 Token Theft
 Attackers who obtain tokens stored by the client, by accessing tokens cached or logged on the server can access protected resources with