docs(security): security api doc update and fix stability marker for Type

modules/@angular/core/src/linker/element_ref.ts

@@ -12,6 +12,10 @@
  * An `ElementRef` is backed by a render-specific element. In the browser, this is usually a DOM
  * element.
  *
+ * @security Permitting direct access to the DOM can make your application more vulnerable to
+ * XSS attacks. Carefully review any use of `ElementRef` in your code. For more detail, see the
+ * [Security Guide](http://g.co/ng/security).
+ *
  * @stable
  */
 // Note: We don't expose things like `Injector`, `ViewContainer`, ... here,