Thanks for the report. I agree that we should be more explicit in what this method does, through documentation, better method names, or different types in those methods.
Renaming display(String, String) to follow other methods like ContentPanel.setHeadingHtml/setHeadingText would be a breaking change, so cannot be done before 3.1. Likewise, changing its behavior to now escape strings where it used to allow them normally, so instead we'll better document them in the short term, and add a SafeHtml variant to make it easier to use safely. And just as we support ContentPanel.setHeadingHtml(String), we will probably continue to support strings, as Info.displayHtml(String, String) or the like.
Additionally, the InfoConfig subclass DefaultInfoConfig has setters that support html as well as text, and the getters return just SafeHtml. These are breaking changes, as noted, so will only be available in 3.1 so that applications that depend on 3.0 can continue to get bug fixes without breaking code.