Output the value of the form element either like this:
<input type="text" name="email" value="<?php echo html_escape($email); ?>" />
Or like this
<input type="text" name="email" value="<?php echo set_value('email'); ?>" />
Either method will escape your data for output to the screen.