well, there might be. if you allow HTML in your comments, you could have the same thing happen to you as i had over at surreally — find a hacker bot nestled in one of your directories. i’ve just now found out what causes that, and as security holes go, this one’s huge. basically all a person has to do is put the right bit of server-side code, in a number of different languages, in the comment box and submit, and it will execute commands on the server. big, scary hole. more about that here.
the patch is simple, and right now i’m about to upload it to all the copies of MT running on all the surreallys. then i’ll put up instructions outlining the very simple template changes that will be needed, and i’ll link that up when it’s done. i just wanted to get the word out on the patch.
those of you who aren’t using HTML in your comments don’t need to worry.