[eluser]dtrenz[/eluser]
SQL injection? If you don't escape all of your SQL queries, then you really are insane. I'd hate to think that people are relying on CI to protect them from injection.
I want to allow all, because I keep discovering exceptions in the form of a stupid “The URI you submitted has disallowed characters” error. I'd much rather give my users a well designed 404 then that.