chore: clarify order of preference for reporting vulnerabilities

SECURITY.md

@@ -17,7 +17,7 @@ In the near future we will introduce versioning, so expect this section to chang
 
 **Do not submit an issue or pull request**: this might reveal the vulnerability.
 
-Instead, you should email the maintainers directly at: [**[email protected]**](mailto:[email protected]),
-or using the link to [privately report a vulnerability with GitHub](https://github.com/ohmyzsh/ohmyzsh/security/advisories/new).
+Instead, you should use the form to [privately report a vulnerability to us via GitHub](https://github.com/ohmyzsh/ohmyzsh/security/advisories/new)
+or email the maintainers directly at: [**[email protected]**](mailto:security@ohmyz.sh).
 
 We will deal with the vulnerability privately and submit a patch as soon as possible.