I have a similar request as Chris, I'd like to HtmlEncode the grid output. You state that you do not think that the radgrid is vulnerable to xss attacks, and after playing around a bit thats partially true. When I try to do some test inserts on your radgrid demo pages my attempts at adding <script>alert("foo")</script> tags fail. This is a good start, were halfway there.
Where I start to have problems is if I insert the same test script into my database record and then populate the radgrid. Unfortunatly the alert gets run. I think this is a problem.
Since my data is not always comming in via means I can control I need to make sure it's safely displayed. The capacity to display GridBoundColumns with some sort of HtmlEncoding could mitigate this issue.
I realize I can handle with a GridTemplateColumn, or in the OnBound event, but your controls are easy to use and I'd rather keep it that way.