I suspect they've done it deliberately, to avoid having a malware link on their site. With the link as given, a reader would have to consciously change the 'x' for a 'p' to visit it, making it unlikely that anyone would do it accidentally.
That makes sense, and would also explain why they chose to put it in a <textarea>, I suppose. Still, it feels as if the apparent intended audience would be aware of the risks without them having to go through the trouble.