[citricsquid]

I think the point mrspandex was making is not "this being possible is bad..." but "if this becomes the accepted way to handle web links" is bad. It's not dangerous that this method exists, it would be dangerous if the average user came to experience and accept it as the "standard" for web links. All it takes is users to assume "my address bar which I can rely on is icon + address, therefore icon + address on a web page is safe too!".

[Groxx]

Ehhh... I can see the argument, but it seems to me to be precisely on par with that you can put arbitrary text inside a <a> tag. Which means a link which looks like http://www.amazon.com might not actually go there. Some people confuse this, some don't, but many have been 'trained' by spam to check the address on mouse-over.

[ville]

At least modern browsers don't let the page to cloak the address by setting window.status anymore. IIRC that was quite popular in 1990s.

[jsprinkles]

Fair. I agree with that.