Is it just me or is the first example on their front page a great example of XSS? Unless their standard string formatting routines are performing escaping, this is pretty awful.