ApocalypseCow, thanks for your reply. I think it's all about data types. If we are talking about plain-text data, it's not "unsafe" until it's rendered as raw HTML. And the same data source could be used in other destinations as well.
I'd hate to see something like "<somevalue>foo &amp; bar</somevalue>" in an XML data stream if the actual payload was a plain-text "foo & bar".
This brings us to the very important point: the intended data type (plain-text, HTML text, etc.) of each data item should always be very clear to the developer. (That's why I brought up the Apps Hungarian notation.)
And it's not only about server-client communication. Let's think of the editable grid. To me it seems awkward that the default configuration and the sample (http://extjs.com/deploy/dev/examples...edit-grid.html) work so that if a user enters "<b>foo" in a grid cell, he gets a bolded "foo". (Try it on the sample page!) This is clearly a bug. (Not an XSS bug.)
To fix this (little) bug, the htmlEncode renderer is needed anyway for the grid cells. Or something else more complicated.
I hope I could make my point a bit clearer now. This is a very good and very important conversation.
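
The following is an added example, not part of the original post and not Ext JS source. It keeps plain text in the record and encodes only in the HTML sink, then compares that with encoding at input time. The toy `renderRow` and `exportRecord` helpers and the JSON destination are assumptions made for illustration.

```javascript
// Added example; all names are illustrative, not Ext JS source.
// Encodes the characters that matter in HTML text and attributes: & < > "
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Toy grid row renderer: a column without a renderer emits the raw value,
// which is the default behaviour the post describes.
function renderRow(record, columns) {
  return columns.map(function (col) {
    const value = record[col.dataIndex];
    return "<td>" + (col.renderer ? col.renderer(value) : value) + "</td>";
  }).join("");
}

// Non-HTML destination for the same record (JSON is an assumption here).
function exportRecord(record) {
  return JSON.stringify(record);
}

const rawColumns = [{ dataIndex: "name" }];
const encodedColumns = [{ dataIndex: "name", renderer: htmlEncode }];

// Constructed sample records: the store holds plain text exactly as typed.
const typed = { name: "<b>foo" };
const plain = { name: "foo & bar" };
// Anti-pattern for comparison: the value was HTML-encoded before storing.
const encodedAtInput = { name: htmlEncode("foo & bar") };

function demo() {
  return {
    rawCell: renderRow(typed, rawColumns),          // markup is interpreted
    encodedCell: renderRow(typed, encodedColumns),  // markup shown as text
    plainCell: renderRow(plain, encodedColumns),
    plainExport: exportRecord(plain),
    doubleEncodedCell: renderRow(encodedAtInput, encodedColumns),
    pollutedExport: exportRecord(encodedAtInput),
  };
}

console.log(demo());
```

In an Ext JS column definition the equivalent of `encodedColumns` is `renderer: Ext.util.Format.htmlEncode`.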