Update readme

Author: sindresorhus

readme.md

@@ -16,11 +16,12 @@ We accept contributions for commonly used modern file formats, not historical or
 npm install file-type
 ```
 
-**This package is an ESM package. Your project needs to be ESM too. [Read more](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c). For TypeScript + CommonJS, see [`load-esm`](https://github.com/Borewit/load-esm).**
+**This package is an ESM package. Your project needs to be ESM too. [Read more](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c). For TypeScript + CommonJS, see [`load-esm`](https://github.com/Borewit/load-esm).** If you use it with Webpack, you need the latest Webpack version and ensure you configure it correctly for ESM.
 
-If you use it with Webpack, you need the latest Webpack version and ensure you configure it correctly for ESM.
-
-File type detection is based on binary signatures (magic numbers) and should be treated as a best-effort hint, not a guarantee.
+> [!IMPORTANT]
+> File type detection is based on binary signatures (magic numbers) and is a best-effort hint. It does not guarantee the file is actually of that type or that the file is valid/not malformed.
+>
+> Robustness against malformed input is best-effort. When processing untrusted files on a server, use a worker thread with a timeout (e.g., [`make-asynchronous`](https://github.com/sindresorhus/make-asynchronous)) to prevent malformed inputs from potentially blocking the event loop.
 
 ## Usage