docs: FAQ.md: Fix formatting and adjust tone

FAQ.md

@@ -18,19 +18,18 @@ Simply put, this is unnecessary. Putting the kernel/modules in a readable FAT32
 partition and letting Limine know about their BLAKE2B checksums in the config
 file provides as much security as encrypting the kernel does.
 
-### What? But what if someone modifies the config file! Ha! You clearly have
+### What if a malicious actor modifies the config file?
-### not thought about that!
 
-We have. While this is a pointless effort on legacy x86 BIOS, it is a
+While this is a pointless effort on legacy x86 BIOS, it is a reasonable
-reasonable expectation on UEFI systems with Secure Boot. Limine provides a way
+expectation to secure the boot sequence on UEFI systems with Secure Boot.
-to modify its own EFI executable to bake in the BLAKE2B checksum of the config
+Limine provides a way to modify its own EFI executable to bake in the BLAKE2B
-file itself. The EFI executable can then get signed with a key added to the
+checksum of the config file itself. The EFI executable can then get signed with
-firmware's keychain. This prevents modifications to the config file (and in
+a key added to the firmware's keychain. This prevents modifications to the
-turn the checksums contained there) from going unnoticed.
+config file (and in turn the checksums contained there) from going unnoticed.
 
-### But I don't want to have a separate FAT boot partition! I don't want it!
+### I do not want to have a separate FAT boot partition! What can I do?
 
-Well tough luck. It is `$year_following_2012` now and most PCs are equipped
+It is `$year_following_2012` now and most PCs are equipped with UEFI and simply
-with UEFI and simply won't boot without a FAT EFI system partition anyways.
+won't boot without a FAT EFI system partition anyways.
 It is not unreasonable to share the EFI system partition with the OS's /boot
-and store kernels and initramfses there.
+and store kernels, initramfses, and any other files needed for boot there.