Tighten the warning against other leaks

source

@@ -86599,6 +86599,12 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> {
      sensitive information.</li>
      <li>Autofill which may not require user interaction for same-origin documents.</li>
     </ul>
+    <p>Developers using <code data-x="coop-noopener-allow-popups">nooopener-allow-popups</code>
+    need to make sure that their sensitive applications don't rely on client-side features
+    accessible to other same-origin documents, e.g. localStorage and other client-side storage APIs,
+    BroadcastChannel and related same-origin communication mechanisms. They also need to make sure
+    that their server-side endpoints don't return sensitive data to non-navigation requests, whose
+    response content is accessible to same-origin documents.</p>
     </div>
    </dd>
   </dl>