OpenACS definitely needs a way to assign different HTML security policies based on who is editing what.
For a site administrator editing the home page, we most likely need to allow any HTML, but for a regular user posting a forum message, we would need to be more conservative.
One thing I tried was to just skip HTML security for site-wide admins, which solves the problem for the simplest sites.