You'll always have that threat. The users don't want simple text. It looks great in html most people wont even know about the risk or even understand it.
Considering that html emails simply are not going away, no matter how much one hates them, isn't the best course of action for us developers to mitigate, as best as possible, the risks presented?
Yes, text-only emails make things much simpler from a security standpoint. Text-only websites were also much simpler from a security standpoint.