Hi @session
The reason that your administrators restrict the ability to save HTML files is subtle, and it’s the same reason that (for example) Dropbox allow you to save HTML files but won’t allow you to view them as HTML documents without downloading them.
The problem is that a webpage hosted at (say) https://example.com/users/jeremy/myfile.html can access all the cookies that have been stored against the domain https://example.com. These secure sharing systems generally use cookies to store the credentials of the current user. That means that an evil web page can steal those cookies and then impersonate the current user, perhaps performing evil actions as if they were them.
This is one of those situations where the original design of the web was inherently insecure, and fixing it has involved browsers significantly limiting what web pages can do.
As far as this issue is concerned, TiddlyWiki is just another HTML file, perhaps one carrying particular risk because it is designed to encourage users to extend it with plugins etc. TiddlyWiki cannot detect or prevent plugins that are evil; the best we’ve got is for users to be super cautious about installing untrusted code. For most users, all that is needed is an awareness of the problem, and a cautious approach to adopting plugins: sticking to those that are widely used and/or from a reputable source is a reasonable strategy.