there is no valid reason behind blocking top level navigation to data uris

only actual reasons are centralization and kyc

there is no real difference between linkin to a https url or data url, other than centralization and kyc

to link to https url, someone has to 1) buy centralized kyc domain name

and 2) rent centralized kyc web server

however, to link to data url, neither of these is needed

data urls enable serverless webapps to be built by anyone to be hosted by any (social) platform that supports text data, like nostr for example

disabling data uris for reasons like "ooh, but bad sites open data uri popups with malware" is no different from "ooh, but bad sites open http urls with malware".

owning domain name and server does not make any site not malware

there is zero security guarantee for such. owning icann domain name is mainly just building centralized kyc infra which the whole digital economy tends to go towards