Many plugins use Velocity template that are not structured to work correctly with Confluence's "Anti-XSS" feature. As we would like to transition the product to use this mechanism by default, especially in the core, we need a way for plugins to hint at whether they have been designed (or verified) to work correctly under this scheme.