Agreed. Currently it’s arguably easier to obfuscate where a link is really going on a webpage than it is in email. I can code a webpage link to Google.com, but overwrite it with ‘evilspammer.com’ as you click it, as long as JS is available. In email I can’t think of a way of hiding a bad link from hover.
But a form would allow you to hide that URL destination away from anyone not viewing and understanding the source.
I wonder why browser makers have never tried to feed the destination URLs from forum submit buttons back to the status bar?