Apply review suggestions

docs/faq.rst

@@ -710,14 +710,15 @@ Send a private email to the :ref:`security contact <security-contact>`
 if you think you have discovered a security issue.
 Please disclose security issues responsibly.
 
-How important is path/to/repo/nonce?
+How important are the nonce files?
 ------------------------------------
 
 Borg uses :ref:`AES-CTR encryption <borg_security_critique>`. An
 essential part of AES-CTR is a sequential counter that must **never**
 repeat. If the same value of the counter is used twice in the same repository,
 an attacker can decrypt the data. The counter is stored in the home directory
-of each user (under $HOME/.config/borg/security) as well as in the repository. When creating a new archive borg uses
+of each user ($HOME/.config/borg/security/$REPO_ID/nonce) as well as
+in the repository (/path/to/repo/nonce). When creating a new archive borg uses
 the highest of the two values. The value of the counter in the repository may be
 higher than your local value if another user has created an archive more recently
 than you did.
@@ -726,8 +727,8 @@ Since the nonce is not necessary to read the data that is already encrypted,
 ``borg info``, ``borg list``, ``borg extract`` and ``borg mount`` should work
 just fine without it.
 
-If the path/to/repo/nonce is lost, but you still have your local copy,
-borg will recreate path/to/repo/nonce the next time you run ``borg create``.
+If the the nonce file stored in the repo is lost, but you still have your local copy,
+borg will recreate the repository nonce file the next time you run ``borg create``.
 This should be safe for repositories that are only used from one user account
 on one machine.