It is trivial to strip links being sent to a user over unsecured channels.

There are many things that can mitigate an sslstrip style attack, but coverage from those things is patchy.