The issue is relevant only for scenarios where you allow users to author, freely edit and save HTML templates on the server side. We find that to be bad practice in general.
It makes it theoretically possible to address undesired resources (for example, images) on the server side. Of course, the addressing possibilities are limited by the permissions of the user account the application server runs under.
The most recent PD4ML betas implement a configuration parameter to limit the resource addressing scope.
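
An application can also enforce a resource scope itself before a user-edited template reaches the converter. The following is an added example, not PD4ML code and not the configuration parameter mentioned above (which the text does not name); the `ResourceScope` class, the temporary directory and the sample references are hypothetical.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class ResourceScope {
    private final Path root;

    public ResourceScope(Path allowedRoot) throws IOException {
        this.root = allowedRoot.toRealPath(); // resolve symlinks in the root once, up front
    }

    /** Returns the real location of ref, or throws SecurityException if it is out of scope. */
    public Path resolve(String ref) throws IOException {
        try {
            URI uri = new URI(ref.trim());
            String scheme = uri.getScheme();
            if (scheme != null && !scheme.equalsIgnoreCase("file"))
                throw new SecurityException("scheme not allowed: " + ref);
            String path = uri.getPath(); // percent-decoded, so %2e%2e becomes ..
            if (path == null || path.isEmpty())
                throw new SecurityException("no path in reference: " + ref);
            Path candidate = root.resolve(path).normalize(); // lexical check first
            if (!candidate.startsWith(root))
                throw new SecurityException("outside allowed root: " + ref);
            Path real = candidate.toRealPath(); // follows symlinks; IOException if missing
            if (!real.startsWith(root))
                throw new SecurityException("symlink leaves allowed root: " + ref);
            return real;
        } catch (URISyntaxException | InvalidPathException e) {
            throw new SecurityException("unparseable reference: " + ref);
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("tpl-resources"); // hypothetical resource directory
        Files.write(dir.resolve("logo.png"), new byte[] {0});
        ResourceScope scope = new ResourceScope(dir);
        // Constructed references, as they might appear in src/href attributes of a saved template
        String[] refs = { "logo.png", "img/../logo.png", "../outside.png",
                "img/%2e%2e/%2e%2e/outside.png", "file:///etc/hostname", "http://intranet.example/a.png" };
        for (String ref : refs) {
            try {
                System.out.println("ALLOW " + scope.resolve(ref).getFileName());
            } catch (SecurityException e) {
                System.out.println("DENY  " + e.getMessage());
            }
        }
    }
}
```

The first two references are allowed and the remaining four are denied. The check complements, rather than replaces, running the application server under an account with minimal file permissions.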