Warn about low entropy in taintUniqueValue.md (#6379)

* Warn about low entropy in taintUniqueValue.md

* Update src/content/reference/react/experimental_taintUniqueValue.md

Co-authored-by: Jan Kassens <[email protected]>

---------

Co-authored-by: Jan Kassens <[email protected]>

Author: 2 people

src/content/reference/react/experimental_taintUniqueValue.md

@@ -67,7 +67,8 @@ experimental_taintUniqueValue(
 
 #### Caveats {/*caveats*/}
 
-- Deriving new values from tainted values can compromise tainting protection. New values created by uppercasing tainted values, concatenating tainted string values into a larger string, converting tainted values to base64, substringing tainted values, and other similar transformations are not tainted unless you explicity call `taintUniqueValue` on these newly created values.
+* Deriving new values from tainted values can compromise tainting protection. New values created by uppercasing tainted values, concatenating tainted string values into a larger string, converting tainted values to base64, substringing tainted values, and other similar transformations are not tainted unless you explicity call `taintUniqueValue` on these newly created values.
+* Do not use `taintUniqueValue` to protect low-entropy values such as PIN codes or phone numbers. If any value in a request is controlled by an attacker, they could infer which value is tainted by enumerating all possible values of the secret.
 
 ---