WYSIWYG editor plugin - a major security vulnerability?

By default there is only a plain text post editor. But in the dashboard there is a WYSIWYG plugin by Mirabilia Media.
The thing is, it allows editing the HTML of a post. Does this mean that enabling it exposes the site to a wide range of injection attacks?
Comments
Nope.
HTML is filtered by htmLawed.
grep is your friend.