I found the answer in III(a) of their academic paper. It makes an AJAX request and does not load the response into the DOM.

The paper talks about the problem of this being distinguishable from a real click (which would parse the response, render HTML & CSS, execute JS, parse CSS, possibly play audio and video files, etc.).

The additional risk in their current implementation seems minimal. Future versions may depend more on sandboxing technologies for protection.