Good well intended advice, thanks. 

Question: if I disable the HTML view of CuteEditor, how much script can they get into the page (assuming they're not very committed and/or programming savvy)?

 

Can they type <% [some script %> into the normal mode view or is it automatically encoded so as to stop it being run by the server?