So why not allow the users to post a HTML file as Multimedia, and display the uploaded page in an iframe or even as a page of it's own when you click on it.
Sure, you could potentially upload a thing that redirects you to a bad site on the internet. You could even upload some bad site yourself. You could also break the rules in general and start uploading pictures of dead puppies, make hate posts et cetera. The rules state "No uploads of files containing malicious code" - which applies to HTML artwork as well. Artwork that breaks this rule will be downvoted, reported and removed.
As for everyone concerned about security, this is a different situation from, say, allowing HTML to be displayed in comments. If HTML was allowed in comments, any page you visit could potentially contain scripts written by any user in FN. However, by allowing HTML to be uploaded, you know exactly when you're opening someone else's scripts, and you know where the scripts come from (hint: it's the uploader). So if something funny happens, you know it's probably in the HTML you just opened. As the source of the HTML is accessible to everyone, anyone can check what code they are going to run. In Flash you don't even have that option.
The point I'm getting at here is that when the upload is clearly stated as being HTML, the users expect it to be HTML, expect to something new to happen, and are okay with it. Just like opening a new website, or clicking a link in the description that takes you to a new website.
If you clicked on something that looks like a game:
You might not be so surprised if the game goes fullscreen. If you click on something that looks like a video, you might not be startled when the video starts playing.
So instead of seeing this as another potential security risk, try to see it as a potential for users to create more dynamic and awesome content to share to the world.
I'm open to discussion, let me know what you think!
iveks out! ~
Customer support service by UserEcho