Thread:Project:Support desk/using HTMLForm class vs adding HTML directly/reply

The HTMLbuilder applies the proper escaping to everything. Using raw html is a bit more adventurous because you need to make sure yourself that you are not introducing a security leak. Especially in forms, with user input, taking care of proper escaping is something not to take lightly.