Yeah. I don't even think it's a good idea in the wiki. Actually, it's a pretty bad idea, as we're finding out here. Applications that need different behavior from their richtext widgets should probably be forced to write their own. The core widget should not bypass security checks.