1) No idea. Just had a look and the only event was with coding and not scanning for user opening. If you catch it, is it a function you can send back true to say you dealt with it? Or is there a variable cancel?

That message (2) is MS with a security patch that lets the user know if something is trying to use the email/contacts list, to try and reduce viral attacks. As far as I know you cannot do anything about it, unless there is a security setting of low, which then opens more possibilities for attacks.

Just let the users know about it, and say you will investigate a better route for the future. Then research to see if there is any way around it and provide your research results to the users/customer.