It doesn't need to be an exploit, preventing broken SSL is enough reason not to do it. Also, external content can be used to track memo users.
You can't implement a system to block broken SSL requests from rendering images to display? Not to sound anti-privacy, but there are plenty of other ways to track Memo users already.
