Automatically downloaded attachments causing potential security issues

Whatever caching/fetching is being used for attachments might be causing a potential security risk.
I occasionally receive emails with a trojan attachment which I didn’t think it was going to be an issue as I could just delete the email and not have any issues.
That was until Windows (thankfully) caught one being downloaded anyway and quarantined it.

I need a few explanations on this:
Is this because of the preview option for attachments?
If it isn’t, is Mailspring automatically downloading attachments?
If it is, why isn’t there an option to turn that off?