Write up a "how to report bugs and security issues, and what happens then" post or FAQ

We should summarize our current security process on a blog post, FAQ entry, or on the contact page. This hasn't gotten enough attention, since everybody's so busy, but

We should at the minimum let people know:

What issues to do this way and what should just go on the bugtracker. And why.
How to report bugs in general.
What to expect if you report a security issue.
Our current issue evaluation and response process, the history thereof.

This should be someplace pretty easy to find. A longer blog post and a shorter faq or contact entry seems smart to me.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information