I fundamentally disagree with you. If a piece of technology allows for such catastrophic mistakes, then it is at fault; not people. This is what we've learned from cybersecurity research over the decades. You can't train people to work around dangerous systems; you have to fix the system.

As for HTML emails - do you think the web would be better as plain text as well? Maybe so, but the majority don't