docs: rephrase first-session alert exception to not reference inbox ownership

Agent-Logs-Url: https://github.com/appwrite/website/sessions/d7226f28-f908-4109-87e9-10d45ba54c47

Co-authored-by: Meldiron <19310830+Meldiron@users.noreply.github.com>

Author: Copilot

src/partials/auth-security.md

@@ -63,7 +63,7 @@ Enable email alerts for your users so that whenever a new session is created for
 
 Session alerts are intentionally skipped in a few situations to avoid redundant or confusing emails:
 
-- **First session after sign-up** — the very first sign-in a user makes after creating their account does not trigger an alert. At this point the user has just proven they own their email address, so a second email about the same event adds no security value. It also prevents a double-email situation in flows where your project may already be sending a welcome or verification email.
+- **First session after sign-up** — the very first sign-in a user makes after creating their account does not trigger an alert. A brand-new account doesn't yet hold anything worthy of protection, so alerting at this stage adds no real security value. It also prevents a double-email situation in flows where your project may already be sending a welcome or verification email.
 - **[Magic URL](/docs/products/auth/magic-url), [Email OTP](/docs/products/auth/email-otp), and [OAuth2](/docs/products/auth/oauth2) sign-ins** — these authentication methods already verify the user's access to the sign-in channel (their inbox or identity provider), so no additional alert is needed.
 - **No email address on file** — users who have not set an email address on their account will not receive alerts.