validating the whole app against dangerous characters

Isn't this covered by the 'h()' method, which scrubs exploit code like XSS & SQL injection from your inputs?

And shouldn't this really be done in the view not the model?

Good question, and I don't know the answer to it. I see where you are coming from all right - you want the _default_ behaviour to remove, or generate an error on detection of dangerous characters.

However, in addition to model-based validation, look into view validation using the h() method (which purges everything silently). You wouldn't want to use it everywhere - for instance, in your signup code you definitely want to be messaging the user that their login name is unacceptable.
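An added example, not from either poster, showing the split the reply describes in plain Ruby without Rails: a model-style validation that hands back an error message for an unacceptable login name, and an h()-style escape at render time using ERB::Util.html_escape, the helper that Rails' h() wraps. The Signup class, LOGIN_PATTERN, render_profile and signup_result are constructed for illustration.

```ruby
require 'erb'

# Constructed example: a minimal sign-up record with model-style validation.
# Login names are checked against an allow-list pattern (letters, digits,
# underscore, 3-20 chars); anything else yields a user-facing error message,
# which is what a signup form needs, as opposed to silent scrubbing.
LOGIN_PATTERN = /\A[A-Za-z0-9_]{3,20}\z/.freeze

class Signup
  attr_reader :login, :errors

  def initialize(login)
    @login = login.to_s
    @errors = []
  end

  # Model-side validation: returns true when valid, otherwise fills @errors.
  def valid?
    @errors = []
    unless LOGIN_PATTERN.match?(@login)
      @errors << 'Login name must be 3-20 letters, digits or underscores'
    end
    @errors.empty?
  end
end

# View-side escaping: ERB::Util.html_escape is what Rails' h() helper wraps.
# It rejects nothing; it converts <, >, &, " and ' to entities so the browser
# renders them as text instead of markup.
def h(text)
  ERB::Util.html_escape(text)
end

# Render a profile line for a stored login (constructed view template).
def render_profile(login)
  "<p>Welcome, #{h(login)}</p>"
end

# Hypothetical controller flow: validate on the way in, escape on the way out.
def signup_result(login)
  record = Signup.new(login)
  return { ok: false, errors: record.errors } unless record.valid?
  { ok: true, html: render_profile(record.login) }
end

if __FILE__ == $PROGRAM_NAME
  p signup_result('alice_01')
  p signup_result('<script>alert(1)</script>')
end
```

The validation path gives the user a message they can act on; the escape path only makes stored text safe to display, so the two are complementary rather than interchangeable.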