XML serialization does not escape tags properly

[slhck]

In all places where XML-based files are created, we should add <![CDATA[ and ]]> wrappers, since strings could potentially include XML-illegal characters (like <, & etc.).