Where the email is stored.
I'd say there is little impact as when a malicious email ends on disk, it was processed and the potential damage has been done already. I trust the server-side filtering and thunderbird security more than file-access protection in defender
