Add warning about using untrusted input with ServiceDescriptionImporter

Author: mconnew

xml/System.Web.Services.Description/ServiceDescriptionImporter.xml

@@ -27,6 +27,9 @@
  The <xref:System.Web.Services.Description.ServiceDescriptionImporter> class allows you to easily import the information contained in a WSDL description into a <xref:System.CodeDom.CodeCompileUnit?displayProperty=nameWithType> object. By adjusting the value of the <xref:System.Web.Services.Description.ServiceDescriptionImporter.Style%2A> parameter, you can instruct a <xref:System.Web.Services.Description.ServiceDescriptionImporter> instance either to generate a client proxy class that provides the functionality of the Web service by transparently calling it or to generate an abstract class that encapsulates the functionality of the Web service without implementing it.  
   
  The code in the resulting <xref:System.CodeDom.CodeCompileUnit> object can then either be called directly or exported in the language of your choice.  
+ 
+ > [!IMPORTANT]
+ > Do not use <xref:System.Web.Services.Description.ServiceDescriptionImporter> with untrusted input. Importing a <xref:System.Web.Services.Description.ServiceDescription> from untrusted sources can result in code generation that accesses arbitrary URLs or instantiates arbitrary .NET types, potentially leading to security vulnerabilities.