Add notes on security

Author: wooorm

readme.md

@@ -275,6 +275,11 @@ Yields:
 *   § — Not very interested in writing / including the code for this
 *   ‖ — Too new, the spec is still changing
 
+## Security
+
+`hast-util-select` does not change the syntax tree so there are no openings for
+[cross-site scripting (XSS)][xss] attacks.
+
 ## Contribute
 
 See [`contributing.md` in `syntax-tree/.github`][contributing] for ways to get
@@ -339,4 +344,6 @@ abide by its terms.
 
 [element]: https://github.com/syntax-tree/hast#element
 
+[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting
+
 [support]: #support