  1. Moodle
  2. MDL-18254 META: Security overview report 2.0
  3. MDL-18019

Security Report warns for XSS when users have teacher roles


    • Sub-task
    • Resolution: Won't Fix
    • Minor
    • None
    • 1.9.3
    • Administration
    • None
    • MOODLE_19_STABLE
    • Moderate

      On the security report available on the latest moodle_19_weekly, the XSS trusted users warning appears when users have the Teacher role in the course context.

      While it is correct that the teacher role should be assigned to trusted users, the warning may suggest assigning teacher in courses is dangerous.

      Wouldn't it be preferable to fire a more moderate message when the Teacher role is detected in course contexts or better explain the reason we warn users?

      A good starting point could be to present the list of users (shown on the Risk explanation page) with the role they have and in which context. This could help to better understand the real risk condition.

            Unassigned Unassigned
            andreabix Andrea Bicciolo
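
A sketch of the listing proposed in the description (users holding XSS-risk roles, with the role and the context of each assignment), added here as an illustration and not Moodle's own report code. It assumes a simplified, unprefixed model of Moodle's role tables with constructed sample rows, and it ignores per-context capability overrides.

```python
import sqlite3

RISK_XSS = 0x0004   # Moodle's RISK_XSS bit in capabilities.riskbitmask
CAP_ALLOW = 1       # permission value meaning "allow"

# Constructed sample data; table layout is a simplified assumption.
SCHEMA = """
CREATE TABLE user (id INTEGER, username TEXT);
CREATE TABLE role (id INTEGER, shortname TEXT);
CREATE TABLE context (id INTEGER, contextlevel INTEGER, instanceid INTEGER);
CREATE TABLE capabilities (name TEXT, riskbitmask INTEGER);
CREATE TABLE role_capabilities (roleid INTEGER, capability TEXT, permission INTEGER);
CREATE TABLE role_assignments (roleid INTEGER, contextid INTEGER, userid INTEGER);
INSERT INTO user VALUES (1,'admin1'),(2,'teacher1'),(3,'student1');
INSERT INTO role VALUES (1,'admin'),(3,'editingteacher'),(5,'student');
INSERT INTO context VALUES (1,10,0),(20,50,101),(21,50,102);
INSERT INTO capabilities VALUES
  ('moodle/course:manageactivities',6),('mod/forum:viewdiscussion',0);
INSERT INTO role_capabilities VALUES (1,'moodle/course:manageactivities',1),
  (3,'moodle/course:manageactivities',1),(5,'mod/forum:viewdiscussion',1);
INSERT INTO role_assignments VALUES (1,1,1),(3,20,2),(3,21,2),(5,20,3);
"""

LEVELS = {10: "system", 40: "category", 50: "course"}  # context level codes

def xss_risk_assignments(db):
    """Return (username, role, context level, instance id) for every
    assignment of a role that allows at least one RISK_XSS capability."""
    rows = db.execute("""
        SELECT DISTINCT u.username, r.shortname, c.contextlevel, c.instanceid
        FROM role_assignments ra
        JOIN user u ON u.id = ra.userid
        JOIN role r ON r.id = ra.roleid
        JOIN context c ON c.id = ra.contextid
        JOIN role_capabilities rc
          ON rc.roleid = ra.roleid AND rc.permission = ?
        JOIN capabilities cap ON cap.name = rc.capability
        WHERE (cap.riskbitmask & ?) != 0
        ORDER BY c.contextlevel, u.username, c.instanceid""",
        (CAP_ALLOW, RISK_XSS))
    return [(u, r, LEVELS.get(lvl, str(lvl)), inst) for u, r, lvl, inst in rows]

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return xss_risk_assignments(db)

if __name__ == "__main__":
    for row in demo():
        print("%-10s %-15s %-8s %s" % row)
```

Grouping the output by context level separates a site-wide assignment from a teacher assigned in individual courses, which is the distinction the report's single warning does not make.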