validation – Validating input in-line or from a seperate field?

NIST stipulates that you shouldn’t pass trusted or untrusted data directly into an event handler, interpreter or compiler.

You should store the value in a separate field and let your handler pull the value out.

Providing validation is performed as it hits the handler, why do we care?