The Mozilla documentation for the meta element - charset states the following in its Notes section:
It is good practice, and strongly recommended, to define the character set using this attribute. If no character set is defined for a page, several cross-scripting techniques may become practical to harm the page user, like the UTF-7 fallback cross-scripting technique. Always setting this meta will protect against these risks.
It also states that:
Authors are encouraged to use UTF-8.
Specifying a charset, for example,
head of your HTML document helps protect against cross-site scripting attacks.
Here's an example of an attack on Google: Google's XSS Vulnerability.
Also, according to the Mozilla docs, it's important to place the charset declaration within the first 512 bytes of your HTML file as some browsers only look at these first bytes before choosing a character set for the page.