What kind of a weirdo uses PGP but enables a gaping security hole like turning on HTML rendering in their email client? I know thunderbird has it off by default and you have to manually click in each email if you want to enable HTML.

It's still a notable exploit but i really don't see this being much of an issue for the average user of PGP. Am I missing something? Why are these articles telling people to stop using PGP? PGP is fine, HTML rendering in emails is the issue, and that's ALWAYS been a security risk.