Commit 10a2260

abidlabs and aliabd authored
Adds a security note to the Oauth section (#8901)
* security note
* Update guides/03_additional-features/09_sharing-your-app.md

Co-authored-by: Ali Abdalla <[email protected]>

---------

Co-authored-by: Ali Abdalla <[email protected]>
1 parent 684e9cb commit 10a2260

1 file changed

+2
-0
lines changed

guides/03_additional-features/09_sharing-your-app.md

Lines changed: 2 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -311,6 +311,8 @@ Users can revoke access to their profile at any time in their [settings](https:/
311311
As seen above, OAuth features are available only when your app runs in a Space. However, you often need to test your app
312312
locally before deploying it. To test OAuth features locally, your machine must be logged in to Hugging Face. Please run `huggingface-cli login` or set `HF_TOKEN` as environment variable with one of your access token. You can generate a new token in your settings page (https://huggingface.co/settings/tokens). Then, clicking on the `gr.LoginButton` will login your local Hugging Face profile, allowing you to debug your app with your Hugging Face account before deploying it to a Space.
313313

314+
**Security Note**: It is important to note that adding a `gr.LoginButton` does not restrict users from using your app, in the same way that adding [username-password authentication](/guides/sharing-your-app#password-protected-app) does. This means that users of your app who have not logged in with Hugging Face can still access and run events in your Gradio app -- the difference is that the `gr.OAuthProfile` or `gr.OAuthToken` will be `None` in the corresponding functions.
315+
314316

315317
### OAuth (with external providers)
316318
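Review bot: The Security Note added at new line 314 says what `gr.LoginButton` does not do but gives the reader no remedy. It states that users who have not logged in "can still access and run events" and that `gr.OAuthProfile` or `gr.OAuthToken` "will be `None` in the corresponding functions", so I would add one closing sentence saying that any event handler meant only for logged-in users has to check for `None` itself and refuse to continue. Without that, the note is easy to read as informational rather than as something the app author must act on. Two smaller points on the same line: the comma in "does not restrict users from using your app, in the same way that adding ... does" makes the comparison ambiguous, and "does not restrict access to your app the way username-password authentication does" reads more clearly; and the new link uses a site-relative path (`/guides/sharing-your-app#password-protected-app`) while the context line above it uses a full URL for the tokens page, so it is worth confirming the relative form resolves wherever this guide is rendered.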
