Many of the posible issues I've found are related to email clients bugs. But it seems that the web viewer can send information to the server and embedded images might use sensitive information in their URL.
http://www.zzee.com/email-security/ http://www.firstpr.com.au/sys-admin/HTML-email/
