Update comments

We don't rely on the fact that the script is run during startup for
security, because an attacker running as amnesia could also run code
during startup, e.g. via the Dotfiles feature to add systemd units in
/home/amnesia.