Twitter API doesn't sanitize characters such as U+0010 Data Link Escape in JSON output, while it does sanitize it into a "*" in XML. See the following files and pay attention to the text field. This becomes a problem when a 3rd party API site, such as Gtweet, generates XML-based format, in this case RSS, based on the JSON, it would result in malformed XML if the 3rd party site doesn't do sanitization.
In fact, this already broke my feed reader.
How to reproduce
The attached files are generated by