I need to enable image embeds (and expose myself to remote code execution if the image libraries have RCE bugs) to see bot statements on Discord. This is a conflation of the preference that is counterintuitive and contradicts what the preference says. I would like to see what bots have to say--which are all text and thus not exploitable--without exposing myself to potential remote code execution bugs.
I have image embeds and all of those features turned off because it is possible--however improbable--for a remote attacker to specially craft an image that exploits a vulnerability in the image libraries my client is using. Disabling image embeds means I need to click the image link to open the image, thereby reducing my attack surface to only images from people I trust rather than anyone coming onto the server hoping to zeroday root anyone on the server they've just joined.