This is the new "kid gloves" XSS security feature. It auto-escapes output components if no skills declaration is made in the override code. I'll take a look at this case and see how we can tune it to make it a bit better.

The issue specifically here was that the fields for the form get turned from Tempcode back to a string, prior to rendering, for performance reasons (carrying through Tempcode object structure for the whole form structure, used too much RAM). This made the system not know the form fields were part of the output assembly rather than based on some kind of possible user input, so they got auto-escaped.

I've now made it track the output of anything that gets internally evaluated, and know never to auto-escape that.