Disallow external entity injection and clean up some log messages

While reviewing the Falcon code, it was found that there is a potential for an external entity to be injected during XML entity parsing.

Also in the data source entity parsing, we would like to avoid the location of the credential files which can be potentially used for exploiting