Does anyone know why sending emails from transactions now requires Allow JS/HTML upload permission? I want to make sure I understand why that is... i.e. if the intent was to protect the account from getting nefarious JS / HTML files, presumably from attacks - why make that permission a requirement for a base feature such as sending an email message from a transaction. It could have been smarter than that.