Clarify synthetics params / secrets docs

docs/en/observability/synthetics-params-secrets.asciidoc

@@ -2,10 +2,12 @@
 [[synthetics-params-secrets]]
 = Work with params and secrets
 
-Params allow you to use dynamically defined values, including sensitive information, in your
+Params allow you to use dynamically defined values, in your
 synthetic monitors. For example, you may want to test a production website with a particular
 demo account whose password is only known to the team managing the synthetic monitors.
 
+Please read the <<synthetics-sensitive-secret, documentation on sensitive values>>for more information on security-sensitive use cases.
+
 [discrete]
 [[synthetics-params-secrets-define]]
 = Define params
@@ -148,11 +150,15 @@ Your synthetics scripts may require the use of passwords or other sensitive secr
 
 [WARNING]
 ====
-Because synthetics scripts have no limitations, a malicious script author could write a
-synthetics journey that exfiltrates `params` and other data at runtime.
+Please note that params are viewable in plain-text by administrators and other users with "all" privileges for
+the synthetics app.
+Additionally, note that synthetics scripts have no limitations on accessing these values, and  a malicious script author could write a
+synthetics journey that exfiltrates `params` and other data at runtime. 
 Do *not* to use truly sensitive passwords (for example, an admin password or a real credit card)
 in *any* synthetics tools.
 Instead, set up limited demo accounts, or fake credit cards with limited functionality.
+If you want to limit access to parameters ensure that that users who are not supposed to access those values do not have "all" privileges
+for the Synthetics app, and that any scripts that use those values do not leak them in network requests or screenshots.
 ====
 
 If you are managing monitors with projects, you can use environment variables