I'll let people with more security expertise than me comment on the actual list of tags but ...
It's a bug for the preview feature to automatically throw you into spellcheck/html mode ... if I say I don't want spellchecking, by golly I don't want spellchecking. And if I'm not doing HTML, I don't want my preview in HTML.