You posted some of possible solutions, and both would in any case be better than the current situation. It's been 16 days since the attack started, and only fix in that period is mitigation of problem.
You should complain in that issue:
https://github.com/spesmilo/electrum/issues/4968I see there is version of Electrum 3.2.4 (2018-12-31 11:26), but on main page is still Latest release: Electrum-3.3.2 , even more confusion...?
3.2.4 contains a backported version of the phishing attack mitigation for users who can't upgrade to python 3.6. Everyone else should stick to 3.3.2.