[8organicbits]

> you try to tell your friend “hey I sent weddingpictures.zip to your email” and your friend clicks the resulting link, thereby being redirected to a trick site that steals your SSN.

Information theft seems possible, SSN less so, but I was more concerned about downloads.

Clicking on an auto-linkified weddingpictures.zip could autodownload a zip file containing malware. You may trust your friend but the zip file is not from them.

I think the lack of auto-linkification has a lot to due with why we aren't seeing real phishing attacks using the ZIP TLD. So I feel like we warned, the industry reacted by not autolinkifying, and disaster was averted.