I went through all our calls to purple_notify_user_info_add_pair() and checked whether they should be purple_notify_user_info_add_pair_plaintext(), instead. If it wasn't immediately obvious one way or the other then I left a comment to investigate. I suspect there are still a lot of places where we should use the _plaintext function to escape the value.