The Moodle program uses /lib as a directory...which of course is a directory protected on the server for system files. Apache mod_security will stop you from getting to the files and images, thus preventing the WYSIWYG editor from working. There really should be no /lib used in a website. See if you can get your ISP to remove the /lib directory from mod_security for your site. Worked like a charm for me.
I haven't heard of that before, that might not be a common setting by ISPs I think...