chrishajer is right – bbPress probably wouldn’t have released without some tightly knit coding to escape malicious scripts as a standard practice. Though, if you do want to delve deeper into guarding against attacks, there are some pretty handy tutorials on managing databases here: http://www.microsoft.com/hellosecureworld7
