Allow Usergroups to Post HTML


natecoupons
06-14-2009, 03:08 AM
I was reading this hack... and was wondering... why is this risky?

https://vborg.vbsupport.ru/showthread.php?p=1658551

RS_Jelle
06-14-2009, 01:18 PM
When HTML is allowed, you can post malicious code, like iframes (which can contain viruses) and JavaScript (which can be used to obtain admin passwords).

So you create a huge XSS (http://en.wikipedia.org/wiki/Cross-site_scripting) security leak. Only allow it if you really trust all people in that usergroup.
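
The trade-off described in the reply above, as an added example that is not part of the original thread or of the linked hack: raw HTML is rendered only for a trusted usergroup, every other group's post is escaped, and trusted posts containing iframes or script are flagged for review. The group names, function names and sample posts are hypothetical and constructed for illustration.

```javascript
// Added illustration: hypothetical names, not vBulletin's or the linked hack's code.
const TRUSTED_GROUPS = new Set(["administrators"]); // assumed usergroup name

// Escape the characters that let plain text turn into markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructs named in the reply (iframes, JavaScript), plus inline event
// handlers and javascript: URLs, which also put script into the page.
// These patterns drive a review flag only; they are not a sanitizer.
const RISKY = [
  { name: "script", re: /<\s*script\b/i },
  { name: "iframe", re: /<\s*iframe\b/i },
  { name: "event-handler", re: /<[^>]*\son\w+\s*=/i },
  { name: "javascript-url", re: /(?:href|src)\s*=\s*["']?\s*javascript:/i },
];

function findRiskyMarkup(body) {
  return RISKY.filter((r) => r.re.test(body)).map((r) => r.name);
}

// Raw HTML for trusted groups only; escaped text for everyone else.
function renderPost(post) {
  const flags = findRiskyMarkup(post.body);
  const trusted = TRUSTED_GROUPS.has(post.usergroup);
  return {
    html: trusted ? post.body : escapeHtml(post.body),
    flags,
    // Even a trusted account can be compromised, so flag it for a moderator.
    needsReview: trusted && flags.length > 0,
  };
}

// Constructed sample posts.
const samples = [
  { usergroup: "registered", body: '<iframe src="https://example.invalid/"></iframe>' },
  { usergroup: "administrators", body: "<b>Forum rules updated</b>" },
  { usergroup: "administrators", body: '<img src="x.png" onload="init()">' },
];
for (const p of samples) console.log(p.usergroup, renderPost(p));
```

The escaped branch is what closes the XSS hole; the flag list only helps moderators notice risky markup from accounts that are allowed to post raw HTML.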