Which is exactly what I think is either invalid, or also applies to UBBCode. Actually, since HTML is not parsed by the BBS software, while UBBCode needs to be parsed by it, it would be easier to hack the BBS software using UBBCode then it is using HTML.

Yeah, this is why I never bought the original explanation that there was some kind of security concern here. HTML is a *markup language*. Unless it's carrying embedded client-side JavaScript or something, I find it difficult to believe someone can do anything more malicious than linking to www.goatse.cx or using <BLINK> tags.

(By the way don't click that link.)