What're the risks of allowing it your user posts? This seems to be the coding most users are comfortable with. And myspace allows it with millions of users and professional hackers. Is allowing my users the convenience of HTML not worth the risks?

Say I am a malicious person, I am not be sure, but let's pretend, and I visit your site and make a post. Hey, you allow HTML so I add some JavaScript to throw an unlimited number of porn pop-ups at people who reads my post. Anyone without a pop-up blocker is not going to be happy, and that'll be the least of your worries.