Re: automatically email users @identified in a TODO with a link
As someone earlier (Fading) suggested: a sure way to cause security problems. (Acks to SVV too: I avoid link redirects like the plague).
I've not got the mind of a hacker, but one way that comes straight to mind to facilitate such mischief is to put lots of entries into a spell check dictionary, all of them replacing a valid word with TODO. If it is possible to change the trigger word to something else, then this is another.
Conversely those making a typo such as TOTO might end up holding the line for a long time for a response from a friend, but then It's not in the way you look or the things that you say that you do.... (I'll get my coat)