If you were using an email client that executes arbitrary HTML, you'd be owned since a long time anyway. That'd like using a browser that doesn't have any cross domain security boundary - it's just not a realistic attack vector, these things don't exist - or do you know an email client that actually interprets JS?
You don't need to execute JS in order to phish, as the original link alludes to with the html comment trick.
This particular comment thread was mostly about webmail clients. But to your specific question... take a look at the link for an incomplete list of email clients that runs JS
