This is... grotesque..
1) Send html attachment
2) Have user open attachment on filesystem
3) Need to recover your password? Send recovery link to email.
4) Enter password, click open, popup gets blocked on mail-attachment domain.
4) Secure? uhhhh
https://
#googplus