Android-FileBrowser-FilePicker
Document lack of sanitization of HTML output
Like many other Markdown processors, Python-Markdown does not sanitize its output, meaning that malicious code can be embedded within markdown documents.
```markdown
# Some markdown document

<script>alert("Evil laughter")</script>
```
If this isn't made clear to users, there is a risk that they will unintentionally create opportunities for XSS attacks. It would be worthwhile documenting the lack of sanitization, and perhaps recommend an HTML sanitization library, such as bleach.
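The following is an added example, not code from the Python-Markdown project or from the issue author. It shows the allowlist approach that a sanitizer such as bleach applies, written against the standard library only so it runs without extra packages: tags and attributes not on the allowlist are escaped or dropped, and `href` values with a scheme other than http, https or mailto are removed. The HTML input is constructed to match what Python-Markdown emits for the document above, plus a link whose danger comes from Markdown syntax alone (`[x](javascript:...)`). That second case is the caveat worth documenting alongside the recommendation: sanitization has to run on the rendered HTML, not on the Markdown source, because a `javascript:` link contains no raw HTML to filter.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist of what may reach the browser. Anything else is escaped (kept as
# visible text) or dropped, mirroring the default behaviour of bleach.clean.
ALLOWED_TAGS = {"h1", "h2", "h3", "p", "em", "strong", "code", "pre",
                "ul", "ol", "li", "blockquote", "br", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}


def safe_url(value):
    """Return the URL if its scheme is allowed (or it is relative), else None.
    Control characters are stripped first: browsers ignore them, so
    'java\\tscript:' would otherwise pass a naive scheme check."""
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    scheme = urlparse(cleaned).scheme.lower()
    if scheme == "" or scheme in ALLOWED_SCHEMES:
        return cleaned
    return None


class AllowlistSanitizer(HTMLParser):
    """Re-emits only allowlisted markup; everything else becomes text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Disallowed tag (e.g. <script>): emit it escaped so it renders
            # as literal text instead of executing.
            self.out.append(escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick=, style=, etc.
            if name == "href":
                value = safe_url(value or "")
                if value is None:
                    continue  # drops javascript:, data:, vbscript: ...
            kept.append(f' {name}="{escape(value or "")}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag not in ALLOWED_TAGS:
            self.out.append(escape(f"</{tag}>"))
        elif tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text, including the body of a <script> element, is always escaped.
        self.out.append(escape(data))

    def handle_comment(self, data):
        pass  # comments are dropped

    def handle_decl(self, decl):
        pass


def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed input: the HTML Python-Markdown produces for the document in the
# issue, plus a link produced from plain Markdown link syntax.
RENDERED = ('<h1>Some markdown document</h1>\n'
            '<script>alert("Evil laughter")</script>\n'
            '<p><a href="javascript:alert(1)" onclick="x()">click</a></p>')

if __name__ == "__main__":
    print(sanitize(RENDERED))
```

Run it on the rendered output of `markdown.markdown(...)`, never on the Markdown source. For production use, bleach (or another maintained sanitizer) is preferable to a hand-rolled allowlist, since its tag, attribute and protocol lists track browser behaviour.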