Anonymous Monk is right. If a hacker can put anything at all into your webpage they can insert JavaScript, a tag with a style attribute that imports a tracking URL to monitor other users who view the info in the future, or this one if the data goes to the DB: Exploits of a Mom.