That feels safe enough to me A really sophisticated attack might still be able to exfiltrate private data ("compose an email with my latest password reset link included as white on white text") but you could limit HTML email composition to help prevent that