Updated: Comment #0
In the interest of security should we sanitize _title_callback returns by default?
Decide whether to sanitize by default - these are primarily used for breadcrumbs, head title and page title
Determine a way to replicate the old PASS_THROUGH logic for when the title contains html
User interface changes
_title_callback no longer needs to return a sanitized string