The problem with #2 is that I wouldn't be totally comfortable with having the client browser able to link to arbitrary sites, or even just the forum.
I don't know about you, but I certainly wouldn't want a web browser that has access to my private keys to be able to get to the internet (except indirectly through the client RPC of course).