Merge branch '2.1.x'

Closes gh-18876

Author: wilkinsona

spring-boot-project/spring-boot-docs/src/main/asciidoc/using-spring-boot.adoc

@@ -916,7 +916,11 @@ NOTE: Profiles activated in the above files will not affect the loading of <<spr
 === Remote Applications
 The Spring Boot developer tools are not limited to local development.
 You can also use several features when running applications remotely.
-Remote support is opt-in.
+Remote support is opt-in as enabling it can be a security risk.
+It should only be enabled when running on a trusted network or when secured with SSL.
+If neither of these options is available to you, you should not use DevTools' remote support.
+You should never enable support on a production deployment.
+
 To enable it, you need to make sure that `devtools` is included in the repackaged archive, as shown in the following listing:
 
 [source,xml,indent=0,subs="verbatim,quotes,attributes"]
@@ -934,15 +938,8 @@ To enable it, you need to make sure that `devtools` is included in the repackage
 	</build>
 ----
 
-Then you need to set a configprop:spring.devtools.remote.secret[] property, as shown in the following example:
-
-[source,properties,indent=0,configprops]
-----
-	spring.devtools.remote.secret=mysecret
-----
-
-WARNING: Enabling `spring-boot-devtools` on a remote application is a security risk.
-You should never enable support on a production deployment.
+Then you need to set the configprop:spring.devtools.remote.secret[] property.
+Like any important password or secret, the value should be unique and strong such that it cannot be guessed or brute-forced.
 
 Remote devtools support is provided in two parts: a server-side endpoint that accepts connections and a client application that you run in your IDE.
 The server component is automatically enabled when the configprop:spring.devtools.remote.secret[] property is set.