Concerns about embedded html and iframe


I’m investigating possibility to use ghost for a community web page. I saw there is possibility to embed in a post a html container.

Is it possible to forbid/allow to embed html only for certain users? Some posts will be imported from an external source. Is it possible to deactivate embedded html to be rendered for such posts or should I manually cleanup text body before importing?

I’m not very experienced with web, but I heard many scary things about embedding html into blogs, iframes.

Sure, if only I would post on my web page, the embbeded html make me more flexible. But if any people will post, is it good?