I think this is a very bad idea. Can we at the very least just change it to a normal link? Why embed a third party application? I can't even tell which version of rocket chat is running, so I can't even tell which exploits have been fixed.
Edit: The link has been changed to a normal link. Well done, Golos!
It's also a problem for novice users who don't realize that their password for rocket chat is different than golos.io. Password managers will automatically fill in their golos.io password because it's on the same domain. This is all very bad.