Maybe we can run external URLs (as opposed to event IDs) through a content scanner that automatically blocks suspect images or sites.