Update signing command documentation

Per https://github.com/ripple/rippled/pull/2657, the signing commands
should not be used as public methods and this usage is disabled in
rippled v1.1.0 and later.

content/references/rippled-api/public-rippled-methods/transaction-methods/sign.md

@@ -3,6 +3,9 @@
 
 The `sign` method takes a [transaction in JSON format](transaction-formats.html) and a secret key, and returns a signed binary representation of the transaction. The result is always different, even when you provide the same transaction JSON and secret key. To contribute one signature to a multi-signed transaction, use the [sign_for method][] instead.
 
+{% include '_snippets/public-signing-note.md' %}
+<!--_ -->
+
 **Caution:** Unless you run the `rippled` server yourself, you should do [local signing with RippleAPI](rippleapi-reference.html#sign) instead of using this command. An untrustworthy server could change the transaction before signing it, or use your secret key to sign additional arbitrary transactions as if they came from you.
 
 ## Request Format

content/references/rippled-api/public-rippled-methods/transaction-methods/sign_for.md

@@ -3,6 +3,9 @@
 
 The `sign_for` command provides one signature for a [multi-signed transaction](multi-signing.html).
 
+{% include '_snippets/public-signing-note.md' %}
+<!--_ -->
+
 This command requires the [MultiSign amendment](known-amendments.html#multisign) to be enabled. [New in: rippled 0.31.0][]
 
 ## Request Format
@@ -89,13 +92,16 @@ The request includes the following parameters:
 |:-------------|:---------------------|:---------------------------------------|
 | `account`    | String - [Address][] | The address which is providing the signature. |
 | `tx_json`    | Object               | The [Transaction](transaction-formats.html) to sign. Unlike using the [sign method][], all fields of the transaction must be provided, including `Fee` and `Sequence`. The transaction must include the field `SigningPubKey` with an empty string as the value. The object may optionally contain a `Signers` array with previously-collected signatures. |
-| `secret`     | String               | _(Optional)_ The secret key to sign with. (Cannot be used with `key_type`.) |
-| `passphrase` | String               | _(Optional)_ A passphrase to use as the secret key to sign with. |
-| `seed`       | String               | _(Optional)_ A [base58][]-encoded secret key to sign with. |
-| `seed_hex`   | String               | _(Optional)_ A hexadecimal secret key to sign with. |
-| `key_type`   | String               | _(Optional)_ The type of key to use for signing. This can be `secp256k1` or `ed25519`. (Ed25519 support is experimental.) |
+| `secret`       | String  | _(Optional)_ Secret key of the account supplying the transaction, used to sign it. Do not send your secret to untrusted servers or through unsecured network connections. Cannot be used with `key_type`, `seed`, `seed_hex`, or `passphrase`. |
+| `seed`         | String  | _(Optional)_ Secret key of the account supplying the transaction, used to sign it. Must be in [base58][] format. If provided, you must also specify the `key_type`. Cannot be used with `secret`, `seed_hex`, or `passphrase`. |
+| `seed_hex`     | String  | _(Optional)_ Secret key of the account supplying the transaction, used to sign it. Must be in hexadecimal format. If provided, you must also specify the `key_type`. Cannot be used with `secret`, `seed`, or `passphrase`. |
+| `passphrase`   | String  | _(Optional)_ Secret key of the account supplying the transaction, used to sign it, as a string passphrase. If provided, you must also specify the `key_type`. Cannot be used with `secret`, `seed`, or `seed_hex`. |
+| `key_type`     | String  | _(Optional)_ Type of cryptographic key provided in this request. Valid types are `secp256k1` or `ed25519`. Defaults to `secp256k1`. Cannot be used with `secret`. **Caution:** Ed25519 support is experimental. |
 
-You must provide exactly 1 field with the secret key. You can use any of the following fields: `secret`, `passphrase`, `seed`, or `seed_hex`.
+You must provide **exactly 1 field** with the secret key, which can be either of the following:
+
+* Provide a `secret` value and omit the `key_type` field. This value can be formatted as [base58][] seed, RFC-1751, hexadecimal, or as a string passphrase. (secp256k1 keys only)
+* Provide a `key_type` value and exactly one of `seed`, `seed_hex`, or `passphrase`. Omit the `secret` field. (Not supported by the commandline syntax.)
 
 ## Response Format
 

content/references/rippled-api/public-rippled-methods/transaction-methods/submit.md

@@ -62,6 +62,8 @@ submit 1200002280000000240000000361D4838D7EA4C6800000000000000000000000000055534
 
 This mode signs a transaction and immediately submits it. This mode is intended to be used for testing. You cannot use this mode for [multi-signed transactions](multi-signing.html).
 
+_By default, sign-and-submit mode is [admin-only](admin-rippled-methods.html)._ It can be used as a public method if the server has [enabled public signing](enable-public-signing.html).
+
 You can provide the secret key used to sign the transaction in the following ways:
 
 * Provide a `secret` value and omit the `key_type` field. This value can be formatted as [base58][] seed, RFC-1751, hexadecimal, or as a string passphrase. (secp256k1 keys only)