That's a valid concern, especially given the confusion we saw with .zip or .mov TLDs. But from a security engineering perspective, the bigger 'Markdown hole' I worry about is injection. When we render untrusted AI output into HTML for email, the sanitization pipeline becomes critical. I'd be curious to see how this library handles potential XSS vectors during the MD-to-HTML conversion.