fix(patch): cherry-pick e9a9474 to release/v0.29.0-preview.0-pr-18840 to patch version v0.29.0-preview.0 and create version 0.29.0-preview.1 (#18841)

Co-authored-by: Adib234 <30782825+Adib234@users.noreply.github.com>

docs/tools/mcp-server.md

@@ -739,21 +739,10 @@ The MCP integration tracks several states:
   cautiously and only for servers you completely control
 - **Access tokens:** Be security-aware when configuring environment variables
   containing API keys or tokens
-- **Environment variable redaction:** By default, the Gemini CLI redacts
-  sensitive environment variables (such as `GEMINI_API_KEY`, `GOOGLE_API_KEY`,
-  and variables matching patterns like `*TOKEN*`, `*SECRET*`, `*PASSWORD*`) when
-  spawning MCP servers using the `stdio` transport. This prevents unintended
-  exposure of your credentials to third-party servers.
-- **Explicit environment variables:** If you need to pass a specific environment
-  variable to an MCP server, you should define it explicitly in the `env`
-  property of the server configuration in `settings.json`.
 - **Sandbox compatibility:** When using sandboxing, ensure MCP servers are
-  available within the sandbox environment.
+  available within the sandbox environment
 - **Private data:** Using broadly scoped personal access tokens can lead to
   information leakage between repositories.
-- **Untrusted servers:** Be extremely cautious when adding MCP servers from
-  untrusted or third-party sources. Malicious servers could attempt to
-  exfiltrate data or perform unauthorized actions through the tools they expose.
 
 ### Performance and resource management