That could do with being mentioned in the README, a large part of the problem with PHP is developers not knowing what method to use to sanitise strings. After seeing striptags mentioned explicitly, I expected the worst.