Improve docs about //visibility:public

https://r.android.com/3252814 modified the visibility to
//visibility:public to account for visibility skew between development
and release branches.

Drop the comment about stub libraries being safe to use by any _rdep_.
There might be cases where this is not true.

Test: N/A
Bug: 239189932
Change-Id: I74ca661a40384d480148f5e18f76495e837c58e3
diff --git a/sdk/update.go b/sdk/update.go
index 2a054e7..a4dc414 100644
--- a/sdk/update.go
+++ b/sdk/update.go
@@ -1118,12 +1118,14 @@
 		// Since module sdks are generated from release branches and dropped to development
 		// branches, there might be a visibility skew between the sources and prebuilts
 		// of a specific module.
-		// To reconcile this potential skew, change the visibility to public
+		// To reconcile this potential skew, change the visibility to public.
 		//
-		// This is safe for (1) since these are stub libraries.
-		// This is ok for (2) since these are host and test exports and are intended for
-		// ART development.
-		// TODO (b/361303067): This can be removed if ART uses full manifests.
+		// This means dependencies can bypass visibility restrictions when prebuilts are used, so we rely
+		// on source builds in CI to check them.
+		//
+		// TODO (b/361303067): This special case for category (2) can be removed if existing usages
+		// of host/test prebuilts of modules like conscrypt,tzdata,i18n are switched to source builds.
+		// It will also require ART switching to full manifests.
 		m.AddProperty("visibility", []string{"//visibility:public"})
 	}