Add documentation about the security of overrides (#3725)

(cherry picked from commit e2362ce74fbf2c6b8a01d6c11bdf1576c1737b64)

docs/modules/ROOT/pages/extending-contracts.adoc

@@ -122,3 +122,8 @@ contract MyToken is ERC20 {
 ```
 That's it! Enjoy simpler code using hooks!
 
+== Security
+
+The maintainers of OpenZeppelin Contracts are mainly concerned with the correctness and security of the code as published in the library, and the combinations of base contracts with the official extensions from the library.
+
+Custom overrides, and those of hooks in particular, may break some important assumptions and introduce vulnerabilities in otherwise secure code. While we try to ensure the contracts remain secure in the face of a wide range of potential customizations, this is done in a best-effort manner. Similarly, while we try to document all important assumptions, this should not be relied upon. Custom overrides should be carefully reviewed and checked against the source code of the contract they are customizing so as to fully understand their impact and guarantee their security.