alt Hacker NewsMarkdown is readable as plain text, that's kind of the point of it
There's also a pretty large jump between "I can ask the system to open this link in the default browser" and "I have built my own link handling in a memory-unsafe language to support some really fringe features, and oops it's exploitable"
Except memory-unsafe and fringe features have nothing to do with this CVE, which seems incredibly dumb on the face of it.
Replace Notepad with Chrome or Edge - clicking on a link downloads content from the Internet! Oh noes!