well, HTML in the articles WILL work, so long as you don't ever open them for editing again... (i.e. of the 900 that I imported, I only had to edit the HTML out after we re-saved the record.)
and yes... allowing HTML *IS* insecure... that's one reason that forums use BBC in the first place.
I don't believe this is correct, on either point.
After importing, SMF articles displays the HTML code as though it were typed into a BBCode field. (i.e. the formatting is visible) Unless you used some alternate means of import-- all I'm seeing is garbled articles.
BBCode isn't necessarily helpful for security, but is easier for users to use than standard HTML entities. However, a simple HTML filter would remove any supposed XSS/javascript vulnerabilities.
Further, as in my case, the only people able to author articles are already admin-level, there should be no added security concerns over having HTML articles.
As mentioned, SMF already allows "basic HTML" in forum posts (See the Posts and Topics setting)