Atom, like various RSS flavors, lets you include HTML in entries. The IETF requires that all specs have a security section. We were hunting around for a suitable reference on HTML threats and didn't find one. If one exists that covers this modern life, I'd love to know.
It boggles my mind that the W3C (I think this is their problem) or the IETF or *someone* hasn't dealt with this. With MSHTML, Gecko, and WebKit, we've started to see many developers incorporate HTML in their applications. The population of apps ready to be burned is growing all the time.
As we all know, standards organizations have limited resources, so perhaps they should hold off on the Modularization of MathML X-Forms over SOAP/BEEP with MTOM base-64 content and take the time to document what's out there now.
Meanwhile, someone's mother is clicking on a popup window that's warned her about "DANGER"...