There is ability to inject any HTML code to user profile page. Some users use it to customize style but it is ruin OGS site styles on profile pages.
Some users include external executables (possible malware) like visitor logging, example GM.Chu1wee.PBI (Visiting this profile may be dangerous)
I think the ability to inject any HTML code must be fully eliminated. Just consider about people with epilepsy. Blinking and high contrast pages is not good for some people.