It comes with all of the risks of loading a webpage that’s been created by a malicious actor: For most of us, nearly all of the time, the risk is limited to information disclosure (valid email address verification or anything else that can be gleaned by running javascript in a browser). In exceptionally rare cases, it can deliver an exploit for a browser vulnerability, but that’s not something most people should worry about.
I really dislike the preview function and would much prefer it to just show the URL for the link instead.