Comment 6 for bug 128398

What is this security issue about? If stuff is exposed to templates, then users can get at it, therefore such stuff must never be exposed or else there's an exploit, right? I'd hope that RDF/XML could itself be written as a template.