Yes. There was a bug a few years back though where they would display attached SVG images. These images could actually contain javascript, which left it vulnerable to XSS.
Why is zzz90210's post dead? Everyone knows about tracking via images. I never considered something like bgsound, probably a lot of other people did not as well.
mike-cardwell|14 years ago
aptwebapps|14 years ago
And it's the whole point of the article.
zzz90210|14 years ago
[deleted]