How do you convert Unicode to plain letters before you check strings? A lot of contact forms are easy to bypass because most scripts don't check for Unicode input. Even on the VB forums, I     can     add     loads     of     non-breaking spaces.
There isn't much you can do with Unicode. Browsers don't interpret tags that are written as Unicode character codes; they only treat them as text, so the markup is displayed literally instead of being rendered. Peace,
What about email contact forms? You can easily insert disallowed strings (e.g. content-type:, bcc:) in Unicode, and most mail forms won't detect them. However, I know a few that do (.NET ones), so checking for it is probably required for better security. I'd test it if I knew how to do an injection attack on a contact form.
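For what it's worth, here is a rough Python sketch of the "convert first, then check" idea from this thread. It assumes the form delivers the field as a decoded string, and that the disguised input is either HTML character references or Unicode compatibility characters (fullwidth letters, non-breaking spaces). The names `to_plain_text`, `looks_like_header_injection` and `DISALLOWED` are made up for illustration, and the blocklist only holds the two strings mentioned above. It is not a complete defence, just the normalization step.

```python
import html
import re
import unicodedata

# Hypothetical blocklist: only the two strings mentioned in the post above.
DISALLOWED = ("content-type:", "bcc:")


def to_plain_text(value: str) -> str:
    """Reduce disguised input to plain characters before any checks run."""
    # Decode HTML character references, e.g. "&#98;cc:" becomes "bcc:".
    decoded = html.unescape(value)
    # NFKC folds compatibility characters: fullwidth letters become ASCII
    # letters and a non-breaking space (U+00A0) becomes a normal space.
    folded = unicodedata.normalize("NFKC", decoded)
    # Collapse runs of spaces and tabs into a single space.
    return re.sub(r"[ \t]+", " ", folded)


def looks_like_header_injection(value: str) -> bool:
    """Check a single-line field (name, subject, address) after normalizing."""
    text = to_plain_text(value).lower()
    # A single-line field should never contain a line break.
    if "\r" in text or "\n" in text:
        return True
    return any(word in text for word in DISALLOWED)
```

Run the check on the fields that end up in mail headers, not on the message body, since a body legitimately contains line breaks. The substring match is deliberately crude and will flag some harmless input; rejecting line breaks in header fields is the part that matters most.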