doc: add note on weakness of permission model

Malicious JavaScript code can bypass the permission model. Hence, it does not fulfill the requirements of a security mechanism against malicious code.

Specifically, JavaScript code can interface with libuv through a file descriptor and execute arbitrary native code. This problem was found by @leesh3288 who submitted a well-written report on the security impact of this issue.

(I am not convinced that we should present this feature as a security mechanism at all at this point because I am quite unsure what guarantees it provides, but this PR just adds a remark on malicious code.)