Add paragraph regarding cache security assumptions (#4900)

docs: tell about borg cache security precautions

docs/faq.rst

@@ -352,6 +352,22 @@ to change them.
 Security
 ########
 
+.. _cache_security:
+
+Do I need to take security precautions regarding the cache?
+-----------------------------------------------------------
+
+The cache contains a lot of metadata information about the files in
+your repositories and it is not encrypted.
+
+However, the assumption is that the cache is being stored on the very
+same system which also contains the original files which are being
+backed up. So someone with access to the cache files would also have
+access the the original files anyway.
+
+If you ever need to move the cache to a different location, this can
+be achieved by using the appropriate :ref:`env_vars`.
+
 How can I specify the encryption passphrase programmatically?
 -------------------------------------------------------------
 

docs/usage_general.rst.inc

@@ -257,7 +257,8 @@ Directories and files:
         Default to '~/.config/borg'. This directory contains the whole config directories.
     BORG_CACHE_DIR
         Default to '~/.cache/borg'. This directory contains the local cache and might need a lot
-        of space for dealing with big repositories.
+        of space for dealing with big repositories. Make sure you're aware of the associated
+        security aspects of the cache location: :ref:`cache_security`
     BORG_SECURITY_DIR
         Default to '~/.config/borg/security'. This directory contains information borg uses to
         track its usage of NONCES ("numbers used once" - usually in encryption context) and other