protect against tabnabbing in statement
Severity: Medium
Gratipay
Reported by atom
Vulnerability Details
Hello,
When we include a link in the statement on our profile, it just creates an HTML tag like this:

```html
<a href="http://google.com">http://google.com</a>
```
^ That's vulnerable. How? Once the owner of the profile has added a malicious URL, it is possible that the link has a referral link thingy that will open a tab that has a phishing page of Gratipay.
Fix:
```html
<a href="http://google.com" rel="nofollow">http://google.com</a>
```
Allan
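The report above describes reverse tabnabbing: a page opened from a profile link can use `window.opener` to navigate the original Gratipay tab to a look-alike login page. The following is an added example, not Gratipay's own statement renderer or the reporter's code. It shows a small link renderer that emits `rel="noopener noreferrer"` (the attribute that actually severs `window.opener` and withholds the Referer; `rel="nofollow"` is only a search-engine hint and gives no tabnabbing protection) together with an audit helper a defender can run over already-rendered HTML to find anchors that lack it. Function names, the regular expression and the sample statement are assumptions made for this example.

```python
"""Added example (not Gratipay's code): render user-supplied links so the
opened page cannot reach back through window.opener, and audit existing
HTML fragments for anchors that still allow it."""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical matcher for bare http(s) URLs inside a plain-text statement.
URL_RE = re.compile(r'https?://[^\s<>"\']+')


def render_link(url: str) -> str:
    """Turn one URL into an anchor the way a statement renderer might.

    rel="noopener" nulls window.opener in the new tab, so the destination
    cannot navigate the Gratipay tab to a phishing page; rel="noreferrer"
    additionally withholds the Referer header and implies noopener.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        # Refuse javascript:, data: and other schemes; show them as text only.
        return html.escape(url, quote=True)
    safe = html.escape(url, quote=True)  # escape quotes before attribute use
    return (f'<a href="{safe}" target="_blank" '
            f'rel="noopener noreferrer">{safe}</a>')


def linkify(statement: str) -> str:
    """Escape the whole statement, replacing each URL with a hardened anchor."""
    out, pos = [], 0
    for m in URL_RE.finditer(statement):
        out.append(html.escape(statement[pos:m.start()], quote=True))
        out.append(render_link(m.group(0)))
        pos = m.end()
    out.append(html.escape(statement[pos:], quote=True))
    return "".join(out)


class _AnchorAudit(HTMLParser):
    """Collect hrefs of <a> tags whose rel lacks both noopener and noreferrer."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = dict(attrs)  # HTMLParser lowercases attribute names for us
        rel = set((a.get("rel") or "").lower().split())
        if "noopener" not in rel and "noreferrer" not in rel:
            self.findings.append(a.get("href"))


def unsafe_links(fragment: str) -> list:
    """Return the hrefs in an HTML fragment that still expose window.opener."""
    audit = _AnchorAudit()
    audit.feed(fragment)
    audit.close()
    return audit.findings


if __name__ == "__main__":
    # Constructed sample statement, as a profile owner might type it.
    sample = "Support me at http://google.com please"
    print(linkify(sample))
    # The anchor from the report, with and without the suggested nofollow:
    # both are flagged, because nofollow does not touch window.opener.
    print(unsafe_links('<a href="http://google.com">http://google.com</a>'))
    print(unsafe_links('<a href="http://google.com" rel="nofollow">x</a>'))
    print(unsafe_links(linkify(sample)))  # [] once noopener is present
```

Running `unsafe_links` over rendered profile pages is a cheap regression check: any anchor it reports is one that a later change to the renderer has left open to the behaviour described in this report.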
Report Details
State
Closed
Substate
Resolved
Weakness
Improper Authentication - Generic