There are a number of issues, e.g. SSL. Even if we require https, sites hosting images could have invalid certs.
Tried researching exploits/vulns based on imgs with external sources. Not really finding anything that serious or that hasn't been fixed. Will look into more.
It doesn't need to be an exploit, preventing broken SSL is enough reason not to do it. Also, external content can be used to track memo users.
You can't implement a system to block broken SSL requests from rendering images to display? Not to sound anti-privacy, but there are plenty of other ways to track Memo users already.
My test vector was spoofing the return header and sending back something that's not an image.
