Alternatively - html is one of the biggest security nightmares known to mankind
Currently, if you allow html in posts, you are effectively allowing control of the server, unless continous patching and hotfixing is done...and even then it won't be protected from some day-zero ish attacks.
At least limiting to UBBcode locks things down a lot. And it's the best you can do without a full time security person.

Hey, we can still link to sites/files and input text in some colours. It's not like we're stuck to 1 colour and no links