Michael, Wikipedia is not always an authoritative source.
- The "danger" is that someone might create a favicon that looks like a padlock and causes them to think the site is secure. You and I would not do that, of course, on our Groups.io website.
- It would be configurable for each group, of course. If you chose not to configure it for your group, there would be no link, and you would be no less secure than you are today.
- There's a concern that a favicon in the root would somehow make it easier for malicious folks to compromise the website. Favicons for groups.io would not likely be implemented that way, of course, They would use the alternate syntax that looks something like this:
<link rel="icon" type="image/png" href="https://groups.io/g/NC-LTRGs/favicon.png" /> which just gets the bad guy to the group that designed the icon. An even more secure option would be to have all the favicons in one spot, referenced by group name or group number, like this:
<link rel="icon" type="image/png" href="https://groups.io/i/12345favicon.png" />
- Wikipedia also mentions that the "rel" attribute mentioned above has not been standardized. There's a difference between what W3C accepts and what browsers implement. That's an argument for purists, not realists. W3C deprecated <b> for bold at least a decade ago, recommending the much-longer-to-type <strong> attribute, but every browser still accepts <b>. Same with the open-in-new-tab link attribute target="_blank". W3C says don't use it, but there are billions of web pages that do, so the attribute will be accepted forever..
- There's a longstanding criticism that favicons are inefficient because browsers request them on every web page and are hence wasting bandwidth on every site that lacks them. I'm afraid that horse has already left the barn. There is no way you are going to get Chrome, Edge, Firefox, Safari, Opera, Yandex, Brave, et al. to stop checking for favicons.