chore: condense env route security comments

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/workspaces/[id]/environment/route.test.ts

@@ -71,10 +71,8 @@ describe('GET /api/workspaces/[id]/environment', () => {
 
       const body = await res.json()
       expect(body.data.workspace).toEqual({ OPENAI_API_KEY: '', DATABASE_URL: '' })
-      // Plaintext workspace secrets must never reach non-admins.
       expect(JSON.stringify(body.data.workspace)).not.toContain('sk-live-secret-value')
       expect(JSON.stringify(body.data.workspace)).not.toContain('postgres://')
-      // The caller's own personal values are still returned.
       expect(body.data.personal).toEqual(ENV_RESULT.personalDecrypted)
     }
   )

apps/sim/app/api/workspaces/[id]/environment/route.ts

@@ -56,9 +56,7 @@ export const GET = withRouteHandler(
       const { workspaceEncrypted, workspaceDecrypted, personalDecrypted, conflicts } =
         await getPersonalAndWorkspaceEnv(userId, workspaceId)
 
-      // Plaintext workspace secrets are restricted to workspace admins. Non-admins receive only
-      // the variable names (with empty values) so env references can still be validated and
-      // highlighted in the editor without exposing the decrypted secret values.
+      // Only workspace admins may read plaintext secrets; others get variable names with empty values.
       const workspace =
         permission === 'admin'
           ? workspaceDecrypted