
XSS vulnerabilities all over the place. No validation performed at all? Example: http://www.duetapp.com/demo/#projects/3/tasks/30


Hmm. There is definitely a lot of validation on both the client and server. The demo refreshes every 30 mins so I'm not able to see what you're referring to. Can you shoot me an email with the issue you're referring to and I'll look into it asap. Thanks.


I added description to a task which looked like this: <script>alert('lol!');</script>

And it happily runs the script when you view that task.
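The bug described in the comment above is a stored XSS: the description is saved as typed and later inserted into the page as markup. The following is an added example, not Duet's code, showing a vulnerable render function next to its hardened form. It assumes the task is rendered client-side from a JSON object (the hash-routed demo URL suggests that, but the framework and field names here are assumptions), and the sample task is constructed for the demo.

```javascript
// Added example (not Duet's code): stored XSS via a task description, and the fix.
// The task object, field names and render helpers are assumptions for illustration.

// Constructed sample task carrying the payload from the comment above.
const task = {
  id: 30,
  title: "Write launch post",
  description: "<script>alert('lol!');</script>",
};

// Vulnerable: the untrusted description is interpolated straight into markup.
// This is what `el.innerHTML = ...` or an unescaped template tag does; the
// browser parses the stored string as HTML and runs the script when the task is viewed.
function renderTaskUnsafe(t) {
  return `<h2>${t.title}</h2><div class="description">${t.description}</div>`;
}

// Hardened: HTML-encode every untrusted field at output time. Input validation
// is not the fix, because a legitimate description may need < > & " ' as text;
// encoding keeps those characters visible without letting them become markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderTaskSafe(t) {
  return `<h2>${escapeHtml(t.title)}</h2><div class="description">${escapeHtml(t.description)}</div>`;
}

// Crude check used only to show the difference between the two renderers:
// does the produced markup still contain a live <script> tag?
function hasLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe render contains live script tag:", hasLiveScriptTag(renderTaskUnsafe(task)));
console.log("safe render contains live script tag:  ", hasLiveScriptTag(renderTaskSafe(task)));
```

`escapeHtml` is only correct for the HTML text and double-quoted attribute contexts; a description that ends up inside a `<script>` block, a URL, an event-handler attribute or an unquoted attribute needs the encoding for that context instead. In the DOM the equivalent of `renderTaskSafe` is assigning the string to `textContent` rather than `innerHTML`.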


OP, if you can address this, I'll probably buy.

How are tax rates configured? I didn't see anything about it in the admin demo.


The tax rate is set in the config file.



