Drupal, text formats, and HTML filtering

Drupal's HTML filtering is an important security feature - we wouldn't want any blogger to be able to post JavaScript tags, because that's how XSS attacks - or worse - are launched. In Drupal, unlike blog systems such as WordPress, you can't assume that the people who are allowed to create content are trusted. On many Drupal sites anyone can sign up for an account and start blogging. If those sites allowed JavaScript tags or even form tags to get through the filters, they would quickly become rife with bots and bad people doing naughty things.