I am creating my new site. Now I am learning and using Symfony. I have a few questions.
- Why does Symfony by default allow adding HTML tags to the database? For example, I create a new module, I go to module/new, in the title I enter `<strong>test</strong>` and then save it. In the MySQL database I have `<strong>test</strong>`. Is it safe?
- I know – if I simply use $test->getTitle() then this renders the text `<strong>test</strong>`, but what if I would like to add a WYSIWYG for user comments and use RawValue()? Users can not close tags (`</strong>`) and the whole site is broken…
- Can they, for example, steal cookies?
- Is there any safe WYSIWYG editor for Symfony? If I use CKEditor or TinyMCE, am I safe?
- On Stack Overflow there is WMD markdown, but I can't find it anywhere. How does it keep HTML tags in the database? `**test**`?
1a) Safe for what? As long as your database operations sanitize all user input via mysql_real_escape_string() before insertion into queries, then there's no way a malicious user could attack your database via injection attacks. HTML in the database is like any other piece of text in the database – it's just text with some extra "weird" characters.
1b) As for why it allows it, did you explicitly tell it to NOT allow HTML? PHP/Symfony/MySQL do exactly as you tell them to.
2) Ensuring that the HTML is valid is up to you. You can use things like HTML Purifier to fix “broken” html.
3) If you’re doing HTML sanitization/filtration, then a user can embed
<script>blocks into the html they’re adding and steal cookies via that method…4) Those editors are just editors. They display stuff and let you (or others) edit that displayed material. They’re as safe or unsafe as you want them to be. They’re just tools. If you provide a loaded gun to someone, then don’t be surprised if someone gets shot.
5) Just because some text has tags in it, of any sort, doesn't make that text magically "different" from other text. MySQL doesn't care, need to know, or even HAVE to know that you're inserting markdown'd text into a field. It just stores what you tell it to, and pulls it back out when you want it to.
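As an added illustration of the answer's distinction between escaping output and sanitizing HTML (example code, not from the question, the answer, or Symfony), the PHP below handles the question's unclosed `<strong>` and the answer's `<script>` case with stock PHP 7.4+ and ext-dom; the allow-list walker is a compact stand-in for HTML Purifier, which the answer recommends, and the sample input is constructed.

```php
<?php
// Added example, not code from the question or answer; assumes PHP 7.4+ with
// ext-dom. Two rendering paths for one stored string: escape it (tags show
// literally) or sanitize it against an allow-list. Storage itself only needs
// a prepared statement; tags are just text to MySQL.

// Render as text: what Twig's default autoescape does for {{ test.title }};
// the tags show up literally and cannot run.
function renderAsText(string $html): string
{
    return htmlspecialchars($html, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render as HTML: allow-list sanitizer. The parser closes stray tags,
// <script>/<style> are dropped with their contents, unlisted elements are
// unwrapped (their text survives), only listed attributes with http(s) URLs remain.
function sanitizeHtml(string $html): string
{
    $allowed = ['strong' => [], 'em' => [], 'p' => [], 'a' => ['href']];
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);            // malformed input is expected
    $doc->loadHTML('<?xml encoding="UTF-8"?><div>' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0);   // our wrapper element
    $walk = function (DOMNode $node) use (&$walk, $allowed): void {
        foreach (iterator_to_array($node->childNodes) as $child) {
            if ($child instanceof DOMText) continue;
            if (!$child instanceof DOMElement) { $node->removeChild($child); continue; }
            $tag = strtolower($child->tagName);
            if ($tag === 'script' || $tag === 'style') { $node->removeChild($child); continue; }
            $walk($child);                                 // sanitize descendants first
            if (!isset($allowed[$tag])) {                  // unwrap, keep its children
                while ($child->firstChild) $node->insertBefore($child->firstChild, $child);
                $node->removeChild($child);
                continue;
            }
            foreach (iterator_to_array($child->attributes, false) as $attr) {
                $unsafe = !in_array($attr->name, $allowed[$tag], true)
                    || ($attr->name === 'href' && !preg_match('#^https?://#i', $attr->value));
                if ($unsafe) $child->removeAttribute($attr->name);
            }
        }
    };
    $walk($root);
    return implode('', array_map(fn($c) => $doc->saveHTML($c), iterator_to_array($root->childNodes)));
}

// Constructed input: an unclosed tag, a script block and an inline event handler.
$dirty = '<strong>test <script>alert(1)</script><em onclick="x()">hi</em>';
echo renderAsText($dirty), "\n", sanitizeHtml($dirty), "\n";
```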