@lukegb FYI I did agree to the renaming.
I had assumed I wouldn't be the first person to use < and > (they are, after all, both explicitly whitelisted as legal characters) and that 99% of systems would already be escaping them. The same way company 10542519 didn't cause any problems - I would just get a company with a playful name that would elicit a knowing chuckle from the kind of people we'd be doing business with!
Once it turned out there were non-trivial problems, and that fact became more widely publicised, we can't expect every consumer of data to do a full XSS audit in only a few days
And while removing script tags from scanned images in PDFs seems a step beyond what I'd expect, who can object to a large holder of PII being especially energetic in their response to a security issue?