History Of The Stack Exchange API, Mistakes
Kevin Montrose (via Reddit):
This led to the situation where question bodies are safe to embed directly, but question titles are not; user about mes, but not display names; and so on. Ideally, everything would be safe to embed directly except in certain rare circumstances.
This mistake is a consequence of how we store the underlying data. It just so happens that we encode question titles and user display names “just in time”, while question bodies and user about mes are stored pre-rendered.
I’d love to see more articles like this.