I was just reading Scott's post on Stefan Demetz's suggestion to change the default behavious of textboxes to only allow AlphaNumeric charcters by default. Personally, this is a shockingly bad idea, as I posted in my comment on the MSDN Lab site:
'This is a really bad idea. So suddenly, by default, a user cannot complete an online form if their name contains and apostrophe of a dash. No more Peter O'Toole, or Camilla Parker-Bowles. If you want this functionality, why not just create a custom validator. Or create a new inherited TextBox object that strips out unwanted characters as required and/or throws an exception.'
As Scott rightly says, a developer should be aware of these issues, and address them accordingly. To change such a fundamental feature of one of the most basic form building blocks is bound to end up causing massive headaches, particularly when there are simple steps to follow to prevent SQL injection attacks.