Extension:SecureHTML - XSS risk?

Fragment of a discussion from User talk:Dantman

Well you'll need to semi-protect a page to test it.

But this isn't emailconfirmed, it's autoconfirmed. And it's a default part of the system you can't remove it.

Presumably a half-decent fix might be to use $title->isProtected( 'edit' ) && !$title->isSemiProtected( 'edit' ).

That said the premise of these extensions is horrible. Allowing arbitrary pages to have raw html can never truly be secure. No matter what the protection.

To top off the issue with isProtected this extension relies on modifying a wg global in order to work. This isn't local. If something else is parsed on the same page as a protected page an unsafe page could potentially be parsed allowing raw html in it.

Daniel Friesen (Dantman) (talk) 10:00, 31 July 2012
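The two points in the comment above, the protection check and the non-local global, as an added worked example written for this page; it is not SecureHTML's code and not Dantman's. It assumes the 2012-era MediaWiki APIs Title::isProtected, Title::isSemiProtected, Title::getRestrictions, Parser::setHook, Parser::getTitle and PPFrame::getTitle, and it registers an <html> tag hook as a stand-in for however the extension actually enables raw HTML; every function name below is this example's own.

```php
<?php
// Added example for this talk-page thread; not SecureHTML's own code.
// Assumes MediaWiki's Title, Parser and PPFrame classes as of mid-2012.

// The check the comment says the extension relies on. Title::isProtected()
// is true for a sysop-protected page AND for a semi-protected one (restriction
// 'autoconfirmed'), so any autoconfirmed account could put raw HTML on a
// semi-protected page.
function secureHtmlExampleWeakCheck( Title $title ) {
	return $title->isProtected( 'edit' );
}

// The tightening suggested above: protected, but not merely semi-protected.
function secureHtmlExampleStrictCheck( Title $title ) {
	return $title->isProtected( 'edit' ) && !$title->isSemiProtected( 'edit' );
}

// Same intent stated on the restriction list itself: the only group allowed
// to edit must be 'sysop'. Note that Title::isProtected() also honours
// cascading protection inherited from another page; this variant ignores it,
// because the cascade source may itself be only semi-protected.
function secureHtmlExampleOnlySysopMayEdit( Title $title ) {
	$groups = $title->getRestrictions( 'edit' );
	return $groups === array( 'sysop' );
}

// Registration through ParserFirstCallInit. The <html> tag name matches what
// SecureHTML exposes; the hook body is this example's.
$wgHooks['ParserFirstCallInit'][] = 'secureHtmlExampleSetHook';

function secureHtmlExampleSetHook( Parser $parser ) {
	$parser->setHook( 'html', 'secureHtmlExampleRender' );
	return true;
}

function secureHtmlExampleRender( $input, array $args, Parser $parser, PPFrame $frame ) {
	// Decide per page whose wikitext is being expanded, instead of flipping
	// $wgRawHtml. A global set while rendering a protected page stays set for
	// everything else parsed in the same request, which is the non-local
	// problem described above.
	//
	// Parser::getTitle() is the top-level page of the parse, so a template
	// transcluded into a fully protected page would pass a check on it.
	// PPFrame::getTitle() is the page the tag physically sits in (the template,
	// for transcluded content), so the decision follows the text that actually
	// carries the <html> tag.
	$title = $frame->getTitle();
	if ( !$title instanceof Title ) {
		$title = $parser->getTitle();
	}

	if ( !$title instanceof Title || !secureHtmlExampleStrictCheck( $title ) ) {
		// Not eligible: render the tag and its contents as literal text, which
		// is what an <html> tag on an ordinary page shows with $wgRawHtml off.
		return htmlspecialchars( "<html>$input</html>" );
	}

	// Eligible: a tag hook's return value is inserted into the output as-is,
	// so the raw markup goes out without $wgRawHtml ever being enabled.
	return $input;
}
```

Two caveats the thread itself raises still apply. The strict check only narrows who may place raw HTML; as the comment says, once a page may carry arbitrary HTML nothing downstream is truly secure. And the frame-based decision is only as good as PPFrame::getTitle() returning the page currently being expanded; if that assumption does not hold for the parser in use, the fallback to Parser::getTitle() is back to page-wide rather than text-local scope.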