Added comments about seccureKeys for configuration files encryption

svn path=/nixos/trunk/; revision=12342

system/options.nix

@@ -2468,6 +2468,12 @@
 	description = "
 	  Public key. Make it path argument, so it is copied into store and
 	  hashed. 
+
+	  The key is used to encrypt Gateway 6 configuration in store, as it
+	  contains a password for external service. Unfortunately, 
+	  derivation file should be protected by other means. For example, 
+	  nix-http-export.cgi will happily export any non-derivation path,
+	  but not a derivation.
 	";
       };
       private = mkOption {