Why does Extension:Inline SVG not solve security issues by do the same security checks as did in uploaded SVG files?