If your irite form is protected with a login, then no hackers could be put in a position where they could use them to cross-site script... That is probably the best defense.
If you need to put your form fields in an open area where hackers can play with them, then displaying it later to another user, then you definitely would want to do something to prevent cross-site scripting. In order to take advantage of cross site scripting the hacker has to have access to the form, displayed results, and usually some other user has to be able to view the results for any real harm.
In most situations I'd just suggest protecting the form so that cross site scripting is unlikely to be done by someone with administrative privilages.