include AGL's and Emlun's suggestions, thx!
equalsJeffH committed Oct 21, 2020
1 parent e184209 commit e5dd87b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion index.bs
Expand Up @@ -6524,7 +6524,7 @@ to obtain all of the above security benefits. However, one notable use case that

Simplistic use of WebAuthn in an embedded context, e.g., within <{iframe}>s as described in [[#sctn-iframe-guidance]], may make users vulnerable to <dfn>UI Redressing</dfn> attacks, also known as "[Clickjacking](https://en.wikipedia.org/wiki/Clickjacking)". This is where an attacker overlays their own UI on top of a [=[RP]=]'s intended UI and attempts to trick the user into performing unintended actions with the [=[RP]=]. For example, using these techniques, an attacker might be able to trick users into purchasing items, transferring money, etc.

Therefore, it is important for an [=[RP]=] having embedded WebAuthn-wielding content to ensure that their content's UI is visible to the user. An emerging means to do so is by observing the status of the experimental [Intersection Observer v2](https://w3c.github.io/IntersectionObserver/v2/)'s `isVisible` attribute. For example, the [=[RPS]=] script running in the embedded context could pre-emptively load itself in a popup window if it detects `isVisble` being set to `false`, thus side-stepping any occluding of their content that may be occuring over the embedded content.
Even though WebAuthn-specific UI is typically handled by the [=client platform=] and thus is not vulnerable to [=UI Redressing=], it is likely important for an [=[RP]=] having embedded WebAuthn-wielding content to ensure that their content's UI is visible to the user. An emerging means to do so is by observing the status of the experimental [Intersection Observer v2](https://w3c.github.io/IntersectionObserver/v2/)'s `isVisible` attribute. For example, the [=[RP]=]'s script running in the embedded context could pre-emptively load itself in a popup window if it detects `isVisble` being set to `false`, thus side-stepping any occlusion of their content.



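Review bot: the added line (beginning "Even though WebAuthn-specific UI is typically handled by the [=client platform=] ...") carries over the typo `isVisble` from the line it replaces; the Intersection Observer v2 attribute referenced earlier in the same sentence is `isVisible`, so a script author who copies the misspelled name would test a property that never exists and never detect occlusion. Suggest fixing it to `isVisible` while this line is being rewritten. The hedge "it is likely important" also softens the previous "it is important"; if the point is that client-platform handling of the WebAuthn UI reduces the exposure, consider saying that directly rather than weakening the recommendation itself.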

0 comments on commit e5dd87b
