What could you possibly do in HTML that would present a security risk that doesn't involve putting passwords in the comments or miscalling CGI scripts? Besides, encrypting HTML would make it un-parse-able for a browser.