Security gurus of FC: anything we should be wary of when it comes to frames?

I understand certain data is signed + sent when clicking a button — I trust @varun and team have thought things through, but the paranoid part of me wonders how frames could be used maliciously

nf.td/mark 🟪 Forward-Deployed Software Engineer (Healthcare @ Palantir) 🟪 FID 1351

a legit looking frame experience could try to redirect you to a malicious site (e.g. visit X site to complete your airdrop claim, read article, etc.)

but that goes for any link you see on the internet

co-conspirator @ gallery.so • prev coinbase • /gallery /djs /robin • my casts are endorsements, financial advice, and reflect my employer's opinions

Except that we have onchain history of which accounts posted that link, dunno how possible it is to backtrace but presumably could find the onchain networks of spammers/scammers and block globally based on that (any content signed by addresses associated with 0x....)