yet your system forces me to re-sign in.
A mailto link isn’t a system. If you have multiple e-mail clients, it is your system that is simply poorly configured.
Your first link refers to four vulnerabilities in different software that are now all patched.
The exploit in your second link relies on the attacked actually pressing the Send button, revealing their preferred e-mail address. How do you expect Itch to know to whom they are speaking without knowing your address?
The third link isn’t even a vulnerability.
The first link speaks of some serious stuff, but if some implementations having vulnerabilities is enough to throw away an entire protocol, then we would’ve thrown away HTTP because some servers are prone to path traversal. The article is from 2020, anyway.
Lastly, the mailto link is visible to everyone: mailto:support@itch.io. No attach parameter, no nothing.