One of the drawbacks is that you will need to escape special characters manually. So, you need to encode characters like >, < and & (see the Wikipedia article on HTML encoding).
This is pretty trivial, as there are utilities for this baked into the .NET libraries, for example HttpServerUtility.HtmlEncode, but many people will forget about it and will not check all special cases.
Another drawback is that if you just populate the div with some arbitrary HTML, it means that you are probably creating the HTML manually, which might go wrong if you just use string concatenation or something primitive like that.
If you are doing this client side, it is much better to simply rely on adding elements to the DOM rather than setting innerHTML.
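The three options the answer above contrasts, as an added example that is not part of the original answer: raw string concatenation, concatenation with manual encoding, and building the element through the DOM. The function names and the sample input are hypothetical, and `doc` is passed in so the last function works with the browser's `document`.

```javascript
// Added example; all names and the sample value are constructed.

// Encode the characters that are significant in HTML text and quoted
// attribute values. "&" is replaced first so the entities produced by
// the later replacements are not encoded a second time.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Primitive concatenation: whatever is in `name` is parsed as markup
// once the string is assigned to innerHTML.
function renderUnsafe(name) {
  return '<div class="greeting">Hello, ' + name + "</div>";
}

// Same concatenation, but the untrusted part is encoded first. Every
// insertion point must remember to do this.
function renderEscaped(name) {
  return '<div class="greeting">Hello, ' + escapeHtml(name) + "</div>";
}

// DOM construction: no HTML string is assembled at all, and
// textContent is never parsed as markup, so no encoding step exists
// to forget.
function renderWithDom(doc, name) {
  const div = doc.createElement("div");
  div.className = "greeting";
  div.textContent = "Hello, " + name;
  return div;
}

// Constructed sample input containing markup and special characters.
const sample = '<b title="x">Tom & Jerry</b>';
```

In a browser, `container.appendChild(renderWithDom(document, sample))` shows the input as literal text, while `container.innerHTML = renderUnsafe(sample)` renders it as a bold element.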