The choice: saving a few bytes per quote which means you absolutely know the content is safe to be thrown around in inputs, or other form items or indeed via JS.
Or, fixing every time this comes up. I already had to put a work around into the display code so that the subject would be cleaned so quick reply would actually get this right.
I stand by what I said: I was fine with this all the time security's not an issue. Except we're half a step away from security issues with this. I'm *still* not entirely convinced there isn't an XSS bug lurking because of this, I never have been convinced of its being as secure as using htmlspecialchars with ENT_QUOTES everywhere and just being done with it.