The original documentation on flexible controllers got removed/rewritten as every choice is now using flexible controllers, but the ability to use a party from a choice argument as a controller and its security implications are not documented.
Document "flexible" controllers where a controller can be a party from an argument and the motivation/use-cases for doing this based on the blogpost.
Highlight the security implications of opening up choices to arbitrary controllers, in particular if there are no further guards in place, in combination with explicit disclosure and interfaces, where a disclosed contract with "open" controllers anyone can exercise a choice and with interfaces the guards in a choice's implementation can change.
The original documentation on flexible controllers got removed/rewritten as every choice is now using flexible controllers, but the ability to use a party from a choice argument as a controller and its security implications are not documented.