"$user" and SESSION_USER and CURRENT_USER

hi,

sorry for my message. I'm tiny confused about the next one. could you 
help me?:

here -- https://www.postgresql.org/docs/11/runtime-config-client.html

there is the text """If one of the list items is the special name $user, 
then the schema having the name returned by SESSION_USER is substituted, 
if there is such a schema and the user has USAGE permission for it. (If 
not, $user is ignored.)""".

but actualy "$user" substitutes CURRENT_USER-value (not 
SESSION_USER-value).

it's good because it would be a SECURITY VULNERABILITY if "$user" 
substituted SESSION_USER-value (in conjunction with security definer 
functions).

in case of CURRENT_USER-value we have no the vulnerable. which is good 
:-)

but is there error in documentation text (runtime-config-client.html) , 
isn't?

thank you in advance.