Some websites have that vcard download stuff. I assume it is as vulnerable
to harvesting as mailto:?