Have thrown together https://www.mediawiki.org/wiki/Help:Security/SVG_files to serve the same role as https://www.mediawiki.org/wiki/Help:Security/PDF_files.
I'm not sure about this. I think this might cause unnecessary fear relative to the risk factor for an SVG (Particularly once CSP is implemented).
Unlike PDFs, we do try to detect malicious files (albeit, not perfectly), and the type of exploits that malicious pdfs have done are quite a bit worse then what someone can do with a malicious svg in a browser. (barring browser bugs)
Yeah… if we want this, I think we should implement both whitelisting for SVGs (for files that are definitely perfectly safe) and blacklisting (for files that are definitely not safe), and allow files in the grey area in the middle with this warning.