libraries:input:xss_clean - does a rawurldecode : this breaks some post data, and is unnecessary
#1

[eluser]Unknown[/eluser]

I have xss_clean configured site-wide.

I understand that post (input) data is urldecoded to try and prevent url encoded domains being submitted.

However

a - this is pointless, as to get around it as a hacker I just need to double URL-encode my attack string
b - if I have a place holder in a template being submitted called say
#2

[eluser]Unknown[/eluser]
BTW - this post, as I suspected when I wrote it - shows the problem
#3

[eluser]rlaskey[/eluser]
Does anyone else have some thoughts on this? I'm in agreement that the rawurldecode isn't a good thing; it's breaking a particular part of my site where I'm storing URLs, since they're technically malformed with special characters, etc. If we're only talking about security by obscurity / not being able to readily read the hex characters, I vote to veto.
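
The two effects discussed in this thread, as an added PHP example that is not part of any post and is not CodeIgniter's own code: a single `rawurldecode()` pass rewrites a legitimately percent-encoded URL, while input that was encoded twice still carries an encoded layer afterwards. `decode_once()`, `escape_for_html()` and the sample strings are constructed for illustration; the last column shows the alternative of storing the value unchanged and escaping it for the HTML context at output time.

```php
<?php
// Hypothetical stand-in for the single rawurldecode() pass the thread
// attributes to xss_clean. Not CodeIgniter's actual implementation.
function decode_once(string $input): string
{
    return rawurldecode($input);
}

// True when the string still contains a %XX escape sequence.
function has_encoded_layer(string $s): bool
{
    return preg_match('/%[0-9A-Fa-f]{2}/', $s) === 1;
}

// Output-side handling: leave the submitted bytes alone and escape
// them for HTML only when they are rendered.
function escape_for_html(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    // A URL a site might legitimately store: %25 is a literal percent
    // sign, %2F is a slash that belongs to the parameter value.
    'stored URL'    => 'https://example.test/search?q=50%25+off&next=%2Fhome',
    // Harmless markup ("<b>") that has been URL-encoded twice.
    'encoded twice' => '%253Cb%253E',
];

foreach ($samples as $label => $raw) {
    $once = decode_once($raw);
    echo $label, PHP_EOL;
    echo '  submitted:          ', $raw, PHP_EOL;
    echo '  after one decode:   ', $once, PHP_EOL;
    echo '  data was altered:   ', ($once !== $raw ? 'yes' : 'no'), PHP_EOL;
    echo '  %XX still present:  ', (has_encoded_layer($once) ? 'yes' : 'no'), PHP_EOL;
    echo '  raw, HTML-escaped:  ', escape_for_html($raw), PHP_EOL, PHP_EOL;
}
```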



