https://verialabs.com/blog/from-mcp-to-shell documents some attacks that arise from trusting the authentication URLs served by MCP servers.
We should fix this along the lines of modelcontextprotocol/typescript-sdk#877, by preventing certain URL schemes.