Homoglyph attacks. Users ‘cat’ and ‘сat’ are different Unicode strings although they look the same. The first letter in the second ‘сat’ is Russian ‘с’ – “CYRILLIC SMALL LETTER ES” to be exact. The system can’t easily tell that you’re spoofing another user’s name – to the computer the nicks are different.
Edit: Preventing mixed scripts does not solve the problem. For example ‘сосо’ is pure Cyrillic and can be used to spoof ASCII ‘coco’.
Also, left-to-right override (and friends). Leave them unsanitized and they’ll mess up your whole page.
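A registration-time check covering both points above, as an added example that is not part of the original post. It shows why a single-script test passes the pure-Cyrillic name while a folded comparison key catches it, and it rejects names carrying bidirectional control characters. The `CONFUSABLES` table is a small constructed subset (a real deployment would load the full Unicode confusables data from UTS #39), and all function names are hypothetical.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones.
# Assumption: production code loads the full UTS #39 confusables data instead.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
}

# Bidi formatting controls: LRE, RLE, PDF, LRO, RLO, LRI, RLI, FSI, PDI,
# plus the LRM, RLM and ALM marks.
BIDI_CONTROLS = set(
    "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c"
)

def scripts(name):
    """Rough script set, taken from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}

def has_bidi_control(text):
    """True if the text contains any bidirectional formatting control."""
    return any(ch in BIDI_CONTROLS for ch in text)

def skeleton(name):
    """Comparison key: NFKC-normalize, casefold, then map lookalikes to Latin."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def check_new_name(name, existing):
    """Return (ok, reason) for a requested nick against already-taken nicks."""
    if has_bidi_control(name):
        return False, "bidi control character"
    key = skeleton(name)
    for other in existing:
        if skeleton(other) == key:
            return False, f"confusable with {other!r}"
    return True, "ok"

if __name__ == "__main__":
    taken = ["cat", "coco"]
    for nick in ["\u0441at", "\u0441\u043e\u0441\u043e", "bob\u202e", "dave"]:
        print(ascii(nick), sorted(scripts(nick)), check_new_name(nick, taken))
```

Store the skeleton alongside each account and enforce uniqueness on it, so the comparison does not depend on scanning every existing name.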