ValidateRequest is releted to the HttpRequest and not to the individual controls on the page. that's why when it detects some html that it feels could compromise security and/or page integrity, it throws the exception.
it's a trade off really setting it to false to allow everything thro. in 99% of cases, it's fine, even more so with the beerhouse dal as it's using parameterised sp's. your main issue may well be stray divs 'bending' your page etc.