Filed an issue to address this particular concern.
Thanks joepie91 for finding the folks responsible and getting the conversation started.
Currently, SVG is a security foot-cannon that allows attackers to upload a Stored XSS payload when a user views the image directly. Example.