Hacker News

Wait, what? Why is embedding a script into an image allowed? WTF? I do not expect my images to be turing complete.


Note that it's disabled if the image is loaded with an img tag, so allowing users to embed arbitrary URLs as images is safe. The issue is if you allow uploading of svg files to your own domain, someone can then have their own site redirect to the svg or load it in a frame, at which point it can run scripts from your origin.


> Why is embedding a script into an image allowed?

Because it lets you create vector games:

http://public.codenazi.fastmail.fm/asteroids_dynamic.svg

(a better use would be stuff like D3-style interactive charts)

Warning: I never finished that project because SVG rendering was too slow ~6 years ago. Frames would drop on every reflow after any DOM change. Arrows move, space shoots. Collision checks are on so the shield (x) works, but the death animation is disabled in that version.

I actually agree that images shouldn't be Turing complete. That's unnecessary in almost every normal situation and only adds attack surface. However, there is a place for animated vector graphics.


>I do not expect my images to be turing complete.

An image of type "image/svg+xml" is as powerful as a text of type "text/html". In both cases their mime-type could be considered a misnomer.

In general I find it more helpful to think of SVG as an XHTML-like format with tags for arbitrary shapes. It has full support for interaction, state, JavaScript, CSS and almost anything else you expect from an HTML document.

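The two points above (an uploaded SVG on your own origin runs scripts when opened directly or framed, and SVG is as script-capable as HTML) as an added example that is not from the thread or any poster: a small Python sanitizer that strips the active parts of an uploaded SVG and reports what it removed, so an upload handler can log or reject the file. It uses only the standard library; the sample document is constructed, and serving uploads from a separate origin remains the reliable fix the thread points at.

```python
import re
import xml.etree.ElementTree as ET  # production: parse untrusted input with defusedxml instead

SVG_NS, XLINK_NS = "http://www.w3.org/2000/svg", "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)         # readable output, no ns0: prefixes
ET.register_namespace("xlink", XLINK_NS)
# Elements that execute code or embed a foreign document.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object", "handler"}
# href schemes that carry inline content or code instead of pointing at a location.
SCRIPT_URL = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)


def sanitize_svg(svg_text: str) -> tuple[str, list[str]]:
    """Strip active content from an uploaded SVG; returns (cleaned markup, removed items).

    Defence in depth only: the reliable fix is serving uploads from a separate origin.
    """
    root = ET.fromstring(svg_text)
    removed: list[str] = []
    for elem in list(root.iter()):              # snapshot, since we mutate the tree
        for child in list(elem):
            local = child.tag.split("}")[-1]
            if local in ACTIVE_TAGS:
                elem.remove(child)
                removed.append(f"<{local}>")
        for attr in list(elem.attrib):
            name = attr.split("}")[-1]          # drop the {namespace} part of xlink:href
            if name.lower().startswith("on"):   # onload, onclick, onmouseover, ...
                del elem.attrib[attr]
                removed.append(f"@{name}")
            elif name == "href" and SCRIPT_URL.match(elem.attrib[attr]):
                del elem.attrib[attr]
                removed.append(f"@{name}")
    return ET.tostring(root, encoding="unicode"), removed


def is_safe_svg(svg_text: str) -> bool:
    """True when the document carries none of the active content above."""
    return not sanitize_svg(svg_text)[1]


# Constructed sample upload (not from the thread): a harmless drawing plus the
# kinds of active content the thread describes.
SAMPLE_UPLOAD = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="console.log('loaded')">
  <script>console.log('script ran')</script>
  <a xlink:href="javascript:void(0)"><circle cx="50" cy="50" r="40" fill="teal"/></a>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml"><p>hi</p></body></foreignObject>
  <rect x="10" y="10" width="30" height="30" fill="navy"/>
</svg>"""
```

Calling `sanitize_svg(SAMPLE_UPLOAD)` keeps the circle and rect and reports the script element, the foreignObject, the onload handler and the javascript: href as removed.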

SVG is vector, not raster, and in one way of thinking, is embedding instructions on how to present and manipulate an image or set of graphics directives.

How close it is to Turing complete I'm not sure -- I've played with them a tad, enough to find them quite adaptable and useful, but have also seen stuff, much of it from David Daley (https://ello.co/ddailey) which boggles my poor little brain.


SVG lets you use ECMAScript, and ECMAScript is Turing-complete.


Thanks.



