in reply to Javascript and other evil goodies

I agree with the learned brethren's comments, but I am uncertain it will work. I use href tags ( referring to other nodes on the site, referring to places not on the site, etc ) a lot. Once we allow href tags, do we really have any security? Can you write a parser that can tell the difference between me referring to myself ( like my sig ), using a mailto: tag ( several people like the "send email to x" sig ) and logging people out?