Merge branch '842-untrusted-user-input-warning' into 'main'

chore(docu): Add warning about untrusted user input

See merge request !101

README.md

@@ -150,9 +150,13 @@ final EncryptedSubmissionPayload frontendEncryptedPayload = EncryptedSubmissionB
         .build();
 
 final SentSubmission sentSubmission = senderClient.submit(frontendEncryptedPayload);
-
 ```
 
+| **Important** |
+| ------------- |
+| If destination id (`destinationId`) and service type (`leikaKey`) are provided by a frontend component, they MUST NOT be blindly trusted. Instead, the sender's backend MUST check if sending submissions of this service type to the specified destination is allowed. |
+
+
 ### Hand in a new submission with unencrypted data
 
 If all data, metadata and attachments are encrypted in the sender using the SDK, the client automatically handles the encryption.