The same guy using the sniffer on your network can just as easily click on the same link. You just can't cover all possibilities. The bottom line is going for the best user experience while allowing for a reasonable risk.
Your original complaint came from breaking your own rules. You could have logged into the secure area, changed your password, and everything would be fine. No need to take away convenience from those that like a record of their account. Best to save Fort Knox security for Fort Knox situations.