It is silly if the content of `comment` is coming from an external source (e.g. query string). Could you identify a specific jQuery vulnerability that makes otherwise safe code unsafe?

This example will only affect that particular user viewing the page, though. And once they hit refresh, that'll be gone.

If I'm following your other example with malicious input into a form; the snippet would have to pass server-side validation (likely, since it's probably checking for SQL injects). Then past that, when it gets rendered for other users, the view/templating would need to display the snippet as a script instead of just text, right?