MailSpring should provide safe settings by default, for example (and not limited to) :
- should not process attachments to create thumbnails by default
- should not load mail pictures by default
If an argument must be put on the table, you can look at Zero Click attacks; and it is not the sole problem that can happen when a user opens up a random email.
MailSpring must consider that user should have a chance to read/inspect/delete an email before any payload can be triggered because MailSpring does too much processing.