DOC: Minor readme updates

Author: kernc

README.md

@@ -11,11 +11,11 @@ sandbox-run: run command in a secure OS sandbox
 
 #### Problem statement
 
-Running other people's programs is insecure. 
+Running other people's programs is inherently insecure.
 [Rogue dependencies](https://www.google.com/search?q=malicious+python+packages&tbm=nws)\*
 🎯 or [hacked library code](https://www.google.com/search?q=(hacked+OR+hijacked+OR+backdoored+OR+"supply+chain+attack")+(npm+OR+pypi)&tbm=nws&num=100)
 :pirate_flag: ([et cet.](https://slsa.dev/spec/draft/threats-overview) :warning:)
-can wreak havoc, including access all your private parts** :bangbang:—think
+**can wreak havoc, including access all your private parts** :bangbang:—think
 all current user's credentials and more personal bits like:
 * `~/.ssh`,
 * `~/.pki/nssdb/`,
@@ -30,12 +30,12 @@ relies on impeccability of hundreds or thousands of dependencies, NodeJS and Chr
 
 Run scary software in separate secure containers:
 ```shell
-podman run -it -v .:/src -e PATH=/src debian:stable-slim scary-binary
+podman run --rm -it -v "$PWD:$PWD" --net=host --workdir="$PWD" debian:stable-slim ./scary-binary
 ```
 or you can simply 
 `sandbox-run scary-binary`
-which uses [bubblewrap](https://github.com/containers/bubblewrap)** (of
-[Flatpak](https://en.wikipedia.org/wiki/Flatpak) fame) under the hood.
+which uses [**bubblewrap**](https://github.com/containers/bubblewrap) (of
+[Flatpak](https://en.wikipedia.org/wiki/Flatpak) fame) to spawn your native OS container under the hood.
 
 
 Installation
@@ -166,5 +166,5 @@ You see a mistake—you fix it. Thanks!
 
 Viable alternatives
 -------------------
-See a few alternatives discussed over at
+See a few alternatives discussed over at sister project
 [`sandbox-venv`](https://github.com/sandbox-utils/sandbox-venv/#Viable-alternatives).