Yes, there are several threads here on the security ramifications of allowing embed and iframe, various plugin suggestions, and ways to modify kses.php. Sorry for starting a new one.
Many of us WPMU admins are in educational settings where we're not allowing the general public to sign up for blogs - we're running tightly controlled blogging environments for 20 or 30 students. Not having WPMU work like standard WP is a pain in the neck. Hopefully in the future, WPMU will include an option: "Allow WP-standard tags in posts [security warning...]" Alternatively, a WPMU plugin that allowed this would be great.
Until that time comes, I found a simple solution that doesn't require hacking - just grab wp-includes/kses.php from a *standard* WP installation and overwrite the one in WPMU. So far, in my testing, I'm not seeing any downside to this approach except that I'll have to re-do it after each upgrade. Can anyone think of any major issues with this (again, assuming I'm happy to have the security issues be the same as for single-blog WP installs)?
Scot