Text fields themselves are safe, as all html code is displayed as is.
You mean probably the Editor Text Area type field (aka "Creative Field")...
Yes, you are right, it is a field type, which shouldn't be given for free editing to general public, as it allows to insert any kind of nice and bad html code !
The only way you have to control what's inside, is to chose and parameter an html editor which does not allow to edit the html code, is restrictive in the tags allowed, and does not work at all when browser's JavaScript is disabled...
Anybody knowing an editor doing that ?