This is completely true, and we are aware of the potential dangers in allowing html in posts. This is a mature community and has mature users; we would never expect a malicious attempt at our board or its users.
Having said that, I’ll admit there is little use for html with the vast amount of functions available with bbcode. html is still active mainly because I have a use for it at this point in time, as message board modifications are in progress.
If there are any other potential security holes you (or anyone) would like to make, please contact me directly at: Derek@BP6.Com or Tim at: Tim@BP6.Com (Tim will forward security related mail to me).
I'll have more to say about html soon.